CVE-2016-1634
chromium-browser: use-after-free in Blink
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted web site that triggers Cascading Style Sheets (CSS) style invalidation during a certain subtree-removal action.
Vulnerabilidad de uso después de liberación de memoria en la función StyleResolver::appendCSSStyleSheet en WebKit/Source/core/css/resolver/StyleResolver.cpp en Blink, tal como se utiliza en Google Chrome en versiones anteriores a 49.0.2623.75, permite a atacantes remotos provocar una denegación de servicio o posiblemente tener otro impacto no especificado a través de un sitio web manipulado que desencadena la invalidación del estilo Cascading Style Sheets (CSS) durante cierta acción de eliminación de subárbol.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2016-01-12 CVE Reserved
- 2016-03-06 CVE Published
- 2023-10-22 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-416: Use After Free
CAPEC
References (14)
| URL | Tag | Source |
|---|---|---|
| http://googlechromereleases.blogspot.com/2016/03/stable-channel-update.html | X_refsource_confirm | |
| http://www.securityfocus.com/bid/84008 | Vdb Entry | |
| http://www.securitytracker.com/id/1035185 | Vdb Entry | |
| https://code.google.com/p/chromium/issues/detail?id=559292 | X_refsource_confirm | |
| https://codereview.chromium.org/1556963002 | X_refsource_confirm |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Google Search vendor "Google" | Chrome Search vendor "Google" for product "Chrome" | <= 48.0.2564.116 Search vendor "Google" for product "Chrome" and version " <= 48.0.2564.116" | - |
Affected
| ||||||