CVE-2015-1251 — Use After Free in Google Chrome

CWE-416 — Use After Free6 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

4.5%

top 10.92%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome Debian Linux

Timeline

PublishedMay 20

Latest updateMay 14

Description

Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43.0.2357.65 allows remote attackers to execute arbitrary code via a crafted document.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

▶NVDgoogle/chrome42.0.2311.152

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-gv8f-p965-5v38: Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43↗2022-05-14

▶

OSV

CVE-2015-1251: Use-after-free vulnerability in the SpeechRecognitionClient implementation in the Speech subsystem in Google Chrome before 43↗2015-05-20

▶

📋Vendor Advisories

Red Hat

chromium-browser: Use-after-free in Speech.↗2015-05-19

▶

💬Community

Bugzilla

CVE-2015-6817 pgbouncer: failed auth_query lookup leads to connection as auth_user↗2015-09-07

▶

Bugzilla

CVE-2015-1251 chromium-browser: Use-after-free in Speech.↗2015-05-20

▶