WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome prior to 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote malicious users to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
google chrome |