Severity: high

Downloads Resources over HTTP



Affected versions of appium-chromedriver insecurely download resources over HTTP.

In scenarios where an attacker has a privileged network position, they can modify or read items send over HTTP at will. In this case, that includes the chromedriver binary, which may result in remote code execution if overwritten with a malicious binary.


Update to version 2.9.4 or later.

Have content suggestions? Send them to [email protected]

Advisory timeline

  1. published

    Advisory published
    Dec 6th, 2016
  2. reported

    Initial report by Adam Baldwin
    Nov 30th, 2016