CVE-2014-7907Use After Free in Google Chrome

CWE-399CWE-416Use After Free7 documents6 sources
Severity
7.5HIGHNVD
EPSS
1.5%
top 18.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedNov 19
Latest updateMay 17

Description

Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController.cpp in Blink, as used in Google Chrome before 39.0.2171.65, allow remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger improper handling of a detached frame, related to the (1) lock and (2) unlock methods.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome39.0.2171.45

🔴Vulnerability Details

3
GHSA
GHSA-8w9m-wxhq-5hch: Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController2022-05-17
OSV
oxide-qt vulnerabilities2014-11-19
OSV
CVE-2014-7907: Multiple use-after-free vulnerabilities in modules/screen_orientation/ScreenOrientationController2014-11-19

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2014-11-19
Red Hat
chromium-browser: Use-after-free in blink2014-11-18

💬Community

1
Bugzilla
CVE-2014-7907 chromium-browser: Use-after-free in blink2014-11-19