PT-2015-1199 · Opera+4

Published: 2015-05-19 · Updated: 2024-06-15 · CVE-2015-1260

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

Google Chrome versions prior to 43.0.2357.65
Opera versions prior to 43.0.2357.65

Description

The issue is caused by multiple use-after-free vulnerabilities in the content/renderer/media/user_media_client_impl.cc file in the WebRTC implementation. This allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that executes upon completion of a getUserMedia request.

Recommendations

For Google Chrome versions prior to 43.0.2357.65, update to version 43.0.2357.65 or later. For Opera versions prior to 43.0.2357.65, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the getUserMedia request until a patch is available. Restrict access to the WebRTC implementation to minimize the risk of exploitation.

Exploit

Fix

Use After Free


Weakness Enumeration

Related Identifiers

ALT-PU-2015-1589
BDU:2015-10133
CVE-2015-1260
DSA-3267-1
MGASA-2015-0235
OPENSUSE-SU-2024:10171-1
OPENSUSE-SU-2024:12948-1
RHSA-2015:1023
RHSA-2015_1023
USN-2610-1

Affected Products

Alt Linux
Google Chrome
Opera
Red Hat
Ubuntu