The ReduceTransitionElementsKind function in hydrogen-check-elimination.cc in Google V8 prior to 4.2.77.8, as used in Google Chrome prior to 42.0.2311.90, allows remote malicious users to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that leverages "type confusion" in the check-elimination optimization.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
canonical ubuntu linux 14.10 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 15.04 |
||
google v8 |
||
google chrome |
||
debian debian linux 8.0 |