CVE-2015-1284

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 44.0.2403.89 Opera versions prior to 44.0.2403.89 (affected versions not specified)

Description The issue is related to the LocalFrame::isURLAllowed function in core/frame/LocalFrame.cpp in Blink, which does not properly check for a page's maximum number of frames. This allows remote attackers to cause a denial of service (invalid count value and use-after-free) or possibly have unspecified other impact via crafted JavaScript code that makes many createElement calls for IFRAME elements, such as /api/v1/createElement endpoint with IFRAME elements.

Recommendations For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later. For Opera, there is no information about a newer version that contains a fix for this vulnerability. As a temporary workaround, consider restricting the use of the createElement function for IFRAME elements until a patch is available. Avoid using the createElement function with IFRAME elements in crafted JavaScript code.