The RenderTable::simplifiedNormalFlowLayout function in core/rendering/RenderTable.cpp in Blink, as used in Google Chrome prior to 40.0.2214.91, skips captions during table layout in certain situations, which allows remote malicious users to cause a denial of service (out-of-bounds read) via unspecified vectors related to the Fonts implementation.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |