OSVDB ID: 93938

Title: Google Chrome WebCore::TreeScopeAdopter::moveTreeToNewScope Function Use-after-free Arbitrary Code Execution

Info

Disclosure

May 21, 2013

Discovery

Unknown

Dates

Exploit

Unknown

Solution

May 21, 2013

Description

Google Chrome contains a use-after-free error in the WebCore::TreeScopeAdopter::moveTreeToNewScope() function. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.

Classification

Location: Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Upgrade
Exploit: Exploit Unknown
Disclosure: Vendor Verified
OSVDB: Web Related

Solution

It has been reported that this issue has been fixed. Upgrade to version 27.0.1453.93 or higher to address this vulnerability.

Products

Google, Inc.

Chrome

26.0.1410.65
26.0.1410.63
26.0.1410.64

References

Credit

Unknown or Incomplete



Direct URL: http://osvdb.org/93938