A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.
55331823f8dfff200255c77a7bbd5aa302935b3af6f4e3f1ef14fc56b9da6164Gentoo Linux Security Advisory 201506-4 - Multiple vulnerabilities have been fixed in Chromium, the worst of which can cause arbitrary remote code execution. Versions less than 43.0.2357.65 are affected.
957476c058c044db28e980b30ae0cae33a242da1ea10d77234f3541a8006016cRed Hat Security Advisory 2015-1023-01 - Chromium is an open-source web browser, powered by WebKit. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Chromium to crash or, potentially, execute arbitrary code with the privileges of the user running Chromium. All Chromium users should upgrade to these updated packages, which contain Chromium version 43.0.2357.65, which corrects these issues. After installing the update, Chromium must be restarted for the changes to take effect.
6eb794a5c0ab83b003193d853a129ca03eecc87bb5e448424373010f34554ed3Debian Linux Security Advisory 3267-1 - Several vulnerabilities were discovered in the chromium web browser.
13fb1c54b3fd812086ec0f10830e7f77c85dfe9d2207d97d1c96fa6ae51587e4
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed