Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome prior to 40.0.2214.91, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |