CVE-2015-1221Use After Free in Google Chrome

CWE-416Use After Free9 documents7 sources
Severity
7.5HIGHNVD
EPSS
0.9%
top 24.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Chrome
Timeline
PublishedMar 9
Latest updateMay 17

Description

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDgoogle/chrome40.0.2214.115

🔴Vulnerability Details

3
GHSA
GHSA-vm3f-p9xp-8hvv: Use-after-free vulnerability in Blink, as used in Google Chrome before 412022-05-17
OSV
oxide-qt vulnerabilities2015-03-10
OSV
CVE-2015-1221: Use-after-free vulnerability in Blink, as used in Google Chrome before 412015-03-08

📋Vendor Advisories

2
Ubuntu
Oxide vulnerabilities2015-03-10
Red Hat
chromium-browser: Use-after-free in web databases2015-03-03

🕵️Threat Intelligence

2
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities2015-03-17
Talos
Research Spotlight: Exploiting Use-After-Free Vulnerabilities2015-03-17

💬Community

1
Bugzilla
CVE-2015-1221 chromium-browser: Use-after-free in web databases2015-03-04