CVE-2015-3336

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 42.0.2311.90

Description The issue allows user-assisted remote attackers to cause a denial of service, resulting in UI disruption. This is achieved by constructing a crafted HTML document containing JavaScript code with requestFullScreen and requestPointerLock calls. The user must access this document with a file: URL for the attack to be successful.

Recommendations For Google Chrome versions prior to 42.0.2311.90, update to version 42.0.2311.90 or later to resolve the issue. As a temporary workaround, consider restricting access to the requestFullScreen and requestPointerLock functions until a patch is applied. Avoid using these functions in HTML documents with file: URLs to minimize the risk of exploitation.