UBUNTU-CVE-2015-1284

Details

The LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, as used in Google Chrome before 44.0.2403.89, does not properly check for a page's maximum number of frames, which allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements.

Affected Packages

Ubuntu:14.04:LTSchromium-browser

Affected versions:

29.0.1547.65-0ubuntu231.0.1650.63-0ubuntu1~20131204.132.0.1700.107-0ubuntu1~20140204.977.133.0.1750.152-0ubuntu1~pkg995.134.0.1847.116-0ubuntu236.0.1985.125-0ubuntu1.14.04.0~pkg102937.0.2062.120-0ubuntu0.14.04.1~pkg104937.0.2062.94-0ubuntu0.14.04.1~pkg104238.0.2125.111-0ubuntu0.14.04.1.106139.0.2171.65-0ubuntu0.14.04.1.1064+5 more

Fixed in:

44.0.2403.89-0ubuntu0.14.04.1.1095

References

REPORThttp://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html REPORThttps://ubuntu.com/security/CVE-2015-1284 REPORThttps://ubuntu.com/security/notices/USN-2677-1 REPORThttps://www.cve.org/CVERecord?id=CVE-2015-1284

UBUNTU-CVE-2015-1284

Details

Affected Packages

References

Related

Ecosystems

Timeline