QwikSec

Security Database

CVE

CWE

Training

CVE-2015-1218

Published: Mar 9, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple use-after-free vulnerabilities in the DOM implementation in Blink, as used in Google Chrome before 41.0.2272.76, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger movement of a SCRIPT element to different documents, related to (1) the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp and (2) the SVGScriptElement::didMoveToNewDocument function in core/svg/SVGScriptElement.cpp.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_UBUNTU

vdb-entry

x_refsource_BID

vendor-advisory

x_refsource_GENTOO

vendor-advisory

x_refsource_REDHAT

http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html

x_refsource_CONFIRM

https://code.google.com/p/chromium/issues/detail?id=456059

x_refsource_CONFIRM

https://src.chromium.org/viewvc/blink?revision=189886&view=revision

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.