CVE-2015-6789 — Race Condition in Google Chrome

CWE-362 — Race Condition CWE-416 — Use After Free7 documents6 sources

Severity

9.3CRITICALNVD

EPSS

1.6%

top 18.27%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Google Chrome

Timeline

PublishedDec 14

Latest updateMay 17

Description

Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47.0.2526.80, allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact by leveraging unanticipated object deletion.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDgoogle/chrome47.0.2526.73

🔴Vulnerability Details

GHSA

GHSA-h35f-7gwh-g2rm: Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47↗2022-05-17

▶

OSV

oxide-qt vulnerabilities↗2016-01-11

▶

OSV

CVE-2015-6789: Race condition in the MutationObserver implementation in Blink, as used in Google Chrome before 47↗2015-12-14

▶

📋Vendor Advisories

Ubuntu

Oxide vulnerabilities↗2016-01-11

▶

Red Hat

chromium-browser: Use-after free in Blink↗2015-12-08

▶

💬Community

Bugzilla

CVE-2015-6789 chromium-browser: Use-after free in Blink↗2015-12-09

▶