PT-2015-1195 · Google+4 · Google Chrome+4

Published

2015-05-19

Updated

2024-06-15

CVE-2015-1256

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 43.0.2357.65

Description The issue is caused by a use-after-free vulnerability in the SVG implementation in Blink. This vulnerability can be exploited by remote attackers using a specially crafted document, potentially leading to a denial of service or other unspecified impacts. The exploitation leverages improper handling of a shadow tree for a use element.

Recommendations For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later to resolve the issue. As a temporary workaround, consider avoiding the use of SVG documents that could leverage the improper handling of a shadow tree for a use element until a patch is applied.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALT-PU-2015-1589

BDU:2015-10129

CVE-2015-1256

DSA-3267-1

MGASA-2015-0235

OPENSUSE-SU-2024:10171-1

OPENSUSE-SU-2024:12948-1

RHSA-2015:1023

RHSA-2015_1023

USN-2610-1

Affected Products

Alt Linux

Google Chrome

Opera

Red Hat

Ubuntu

PT-2015-1195 · Google+4 · Google Chrome+4

CVE-2015-1256

Weakness Enumeration

Related Identifiers

Affected Products

References · 2469