CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS
Percentile
84.9%
Use-after-free vulnerability in Blink, as used in Google Chrome before
41.0.2272.76, allows remote attackers to cause a denial of service or
possibly have unspecified other impact by leveraging incorrect ordering of
operations in the Web SQL Database thread relative to Blink’s main thread,
related to the shutdown function in web/WebKit.cpp.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | chromium-browser | < 41.0.2272.76-0ubuntu0.14.04.1.1076 | UNKNOWN |
ubuntu | 14.10 | noarch | chromium-browser | < 41.0.2272.76-0ubuntu0.14.10.1.1118 | UNKNOWN |
ubuntu | 15.04 | noarch | chromium-browser | < 41.0.2272.76-0ubuntu1.1134 | UNKNOWN |
ubuntu | 15.10 | noarch | chromium-browser | < 41.0.2272.76-0ubuntu1.1134 | UNKNOWN |
ubuntu | 14.04 | noarch | oxide-qt | < 1.5.5-0ubuntu0.14.04.3 | UNKNOWN |
ubuntu | 14.10 | noarch | oxide-qt | < 1.5.5-0ubuntu0.14.10.2 | UNKNOWN |
ubuntu | 15.04 | noarch | oxide-qt | < 1.5.5-0ubuntu1 | UNKNOWN |
ubuntu | 15.10 | noarch | oxide-qt | < 1.5.5-0ubuntu1 | UNKNOWN |
googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
code.google.com/p/chromium/issues/detail?id=455368
launchpad.net/bugs/cve/CVE-2015-1221
nvd.nist.gov/vuln/detail/CVE-2015-1221
security-tracker.debian.org/tracker/CVE-2015-1221
src.chromium.org/viewvc/blink?revision=190021&view=revision
src.chromium.org/viewvc/blink?revision=190035&view=revision
ubuntu.com/security/notices/USN-2521-1
www.cve.org/CVERecord?id=CVE-2015-1221