Vulnerability Description
Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Chrome | <= 40.0.2214.115 |
References
- http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
- http://rhn.redhat.com/errata/RHSA-2015-0627.html
- http://www.securityfocus.com/bid/72901
- http://www.ubuntu.com/usn/USN-2521-1
- https://code.google.com/p/chromium/issues/detail?id=455368
- https://security.gentoo.org/glsa/201503-12
- https://src.chromium.org/viewvc/blink?revision=190021&view=revision
- https://src.chromium.org/viewvc/blink?revision=190035&view=revision
- http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
- http://rhn.redhat.com/errata/RHSA-2015-0627.html
- http://www.securityfocus.com/bid/72901
- http://www.ubuntu.com/usn/USN-2521-1
- https://code.google.com/p/chromium/issues/detail?id=455368
- https://security.gentoo.org/glsa/201503-12
- https://src.chromium.org/viewvc/blink?revision=190021&view=revision
FAQ
What is CVE-2015-1221?
CVE-2015-1221 is a vulnerability with a CVSS score of 7.5 (HIGH). Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorr...
How severe is CVE-2015-1221?
CVE-2015-1221 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-1221?
Check the references section above for vendor advisories and patch information. Affected products include: Google Chrome.