Vulnerability · NVD

CVE-2015-1209

N/A Published on 2015-02-06

Use-after-free vulnerability in the VisibleSelection::nonBoundaryShadowTreeRootNode function in core/editing/VisibleSelection.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.111 on Windows, OS X, and Linux and before 40.0.2214.109 on Android, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers improper handling of a shadow-root anchor.

EPSS 1.39% above median percentile 80.7%

Tracked apps referencing this CVE

For each app: the affected range, the fixing version, and where the tracked app stands today.

Google Chrome Android com.android.chrome

Affected <40.0.2214.109 Fixed in 40.0.2214.109 Latest tracked 147.0.7727.137 patched

Vulnerable CPE configurations (1)

Vendor	Product	Platform	Versions	CPE 2.3 URI
google	chrome Android	Android	<40.0.2214.109	cpe:2.3:a:google:chrome::::::android::*

View on NVD ↗