The SimplifiedLowering::DoLoadBuffer function in compiler/simplified-lowering.cc in Google V8, as used in Google Chrome prior to 40.0.2214.91, does not properly choose an integer data type, which allows remote malicious users to cause a denial of service (memory corruption) or possibly have unspecified other impact via crafted JavaScript code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |