First published: Sun Aug 07 2016(Updated: )
The Web Cryptography API (aka WebCrypto) implementation in Blink, as used in Google Chrome before 52.0.2743.116, does not properly copy data buffers, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via crafted JavaScript code, related to NormalizeAlgorithm.cpp and SubtleCrypto.cpp.
Credit: cve-coordination@google.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Chrome | <=52.0.2743.82 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.