The V8LazyEventListener::prepareListenerObject function in bindings/core/v8/V8LazyEventListener.cpp in the V8 bindings in Blink, as used in Google Chrome prior to 41.0.2272.76, does not properly compile listeners, which allows remote malicious users to cause a denial of service or possibly have unspecified other impact via vectors that leverage "type confusion."
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |
||
redhat enterprise linux desktop supplementary 6.0 |
||
redhat enterprise linux server supplementary 6.0 |
||
redhat enterprise linux workstation supplementary 6.0 |
||
redhat enterprise linux server supplementary eus 6.6.z |
||
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |