First published: Mon Mar 09 2015(Updated: )
The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted Cascading Style Sheets (CSS) token sequence.
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =14.10 | |
Google Chrome | <=40.0.2214.115 | |
Redhat Enterprise Linux Desktop Supplementary | =6.0 | |
Redhat Enterprise Linux Server | =6.0 | |
Redhat Enterprise Linux Server Supplementary Eus | =6.6.z | |
Redhat Enterprise Linux Workstation Supplementary | =6.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.