CVE-2015-1217
Publication date 8 March 2015
Last updated 24 July 2024
Ubuntu priority
The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome before 41.0.2272.76, does not properly compile listeners, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| chromium-browser | ||
| 14.04 LTS trusty |
Fixed 41.0.2272.76-0ubuntu0.14.04.1.1076
|
|
| oxide-qt | ||
| 14.04 LTS trusty |
Fixed 1.5.5-0ubuntu0.14.04.3
|
|
References
Related Ubuntu Security Notices (USN)
- USN-2521-1
- Oxide vulnerabilities
- 10 March 2015
Other references
- https://src.chromium.org/viewvc/blink?revision=189796&view=revision
- https://codereview.chromium.org/958543002
- https://codereview.chromium.org/910683002
- https://code.google.com/p/chromium/issues/detail?id=456192
- http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
- https://www.cve.org/CVERecord?id=CVE-2015-1217