Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1221

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1221
Last Modified 16 Mar 2015 10:01:59
Published 08 Mar 2015 08:59:14
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1221

Summary

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp.

Vulnerable Systems

Application

  • Google Chrome 40.0.2214.115


References

CONFIRM - https://src.chromium.org/viewvc/blink?revision=190035&view=revision

CONFIRM - https://src.chromium.org/viewvc/blink?revision=190021&view=revision

CONFIRM - https://code.google.com/p/chromium/issues/detail?id=455368

CONFIRM - http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html

BID - 72901

REDHAT - RHSA-2015:0627

UBUNTU - USN-2521-1


Last Updated: 27 May 2016 11:08:06