CVE-2015-1270

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 44.0.2403.89

Description The issue is related to the ucnv io getConverterName function in International Components for Unicode (ICU), which mishandles converter names with initial x- substrings. This allows remote attackers to cause a denial of service (read of uninitialized memory) or possibly have unspecified other impact via a crafted file. The vulnerability exists due to incorrect handling of converter names, enabling remote attackers to exploit it using a specially formed file.

Recommendations For Google Chrome versions prior to 44.0.2403.89, update to version 44.0.2403.89 or later to resolve the issue. As a temporary workaround, consider restricting the use of the ucnv io getConverterName function until a patch is available. Avoid using converter names with initial x- substrings in the affected function to minimize the risk of exploitation.