CVE-2015-1209
Publication date 6 February 2015
Last updated 24 July 2024
Ubuntu priority
Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 14.04 LTS trusty |
Fixed 40.0.2214.111-0ubuntu0.14.04.1.1069
|
|
| oxide-qt | ||
| 14.04 LTS trusty |
Fixed 1.4.3-0ubuntu0.14.04.1
|
|
References
Related Ubuntu Security Notices (USN)
- USN-2495-1
- Oxide vulnerabilities
- 10 February 2015
Other references
- https://src.chromium.org/viewvc/blink?revision=188788&view=revision
- https://code.google.com/p/chromium/issues/detail?id=447906
- http://googlechromereleases.blogspot.com/2015/02/stable-channel-update.html
- http://googlechromereleases.blogspot.com/2015/02/chrome-for-android-update.html
- https://www.cve.org/CVERecord?id=CVE-2015-1209