WebKit/Source/bindings/templates/interface.cpp in Blink does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
WebKit/Source/bindings/templates/interface.cpp in Blink does not prevent certain constructor calls, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code.
https://bugs.chromium.org/p/chromium/issues/detail?id=643357 https://chromereleases.googleblog.com/2016/09/stable-channel-update-for-desktop_13.html