[Forgot Password]
Login  Register Subscribe

30389

 
 

423868

 
 

244625

 
 

909

 
 

193379

 
 

277

Paid content will be excluded from the download.


Download | Alert*
OVAL

Multiple use-after-free vulnerabilities in Blink in Google Chrome via extraneous change events (Mac OS X)

ID: oval:org.secpod.oval:def:23874Date: (C)2015-03-18   (M)2023-11-16
Class: VULNERABILITYFamily: macos




The host is installed with Google Chrome before 41.0.2272.76 and is prone to multiple use-after-free vulnerabilities. The flaws are present in core/html/HTMLInputElement.cpp in the DOM implementation in Blink, as used in Google Chrome, which fails to properly handle vectors that trigger extraneous change events, as demonstrated by events for invalid input or input to read-only fields, related to the initializeTypeInParsing and updateType functions. Successful exploitation allows remote attackers to cause a denial of service or possibly have unspecified other impact.

Platform:
Apple Mac OS 14
Apple Mac OS 13
Apple Mac OS 12
Apple Mac OS 11
Apple Mac OS X 10.15
Apple Mac OS X 10.14
Apple Mac OS X 10.12
Apple Mac OS X 10.13
Apple Mac OS X 10.8
Apple Mac OS X 10.9
Apple Mac OS X 10.10
Apple Mac OS X 10.11
Apple Mac OS X Server 10.8
Apple Mac OS X Server 10.9
Apple Mac OS X Server 10.10
Apple Mac OS X Server 10.11
Product:
Google Chrome
Reference:
CVE-2015-1223
CVE    1
CVE-2015-1223
CPE    1
cpe:/a:google:chrome

© SecPod Technologies