CVE-2015-1277

Published: 22 July 2015

Use-after-free vulnerability in the accessibility implementation in Google Chrome before 44.0.2403.89 allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging lack of certain validity checks for accessibility-tree data structures.

Priority

Status

Package	Release	Status
chromium-browser Launchpad, Ubuntu, Debian	precise	Ignored
	trusty	Released (44.0.2403.89-0ubuntu0.14.04.1.1095)
	upstream	Released (44.0.2403.89)
	utopic	Ignored (end of life, was needed)
	vivid	Released (44.0.2403.89-0ubuntu0.15.04.1.1177)
	wily	Released (44.0.2403.89-0ubuntu1.1195)
	Patches: upstream: https://codereview.chromium.org/1151393006/ upstream: https://codereview.chromium.org/1144363004/
oxide-qt Launchpad, Ubuntu, Debian	precise	Does not exist
	trusty	Released (1.8.4-0ubuntu0.14.04.1)
	upstream	Released (1.8.4)
	utopic	Ignored (end of life, was needed)
	vivid	Released (1.8.4-0ubuntu0.15.04.1)
	wily	Released (1.8.4-0ubuntu1)

References

Bugs

https://code.google.com/p/chromium/issues/detail?id=479743

Join the discussion

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›