5 matches found
Design/Logic Flaw
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of servi...
UBUNTU-CVE-2016-1663
The SerializedScriptValue::transferArrayBuffers function in WebKit/Source/bindings/core/v8/SerializedScriptValue.cpp in the V8 bindings in Blink, as used in Google Chrome before 50.0.2661.94, mishandles certain array-buffer data structures, which allows remote attackers to cause a denial of servi...
CVE-2014-3171
Removed by vendor...
CVE-2014-3171
CVE-2014-3171 is a use-after-free in Chrome’s Blink V8 bindings (HashMap add vs set) that affects the rendering engine’s V8 integration. The issue resides in bindings/core/v8/DOMWrapperMap.h and bindings/core/v8/SerializedScriptValue.cpp and, if exploited, can lead to a denial of service; remedia...
CVE-2014-3171
Use-after-free vulnerability in the V8 bindings in Blink, as used in Google Chrome before 37.0.2062.94, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging improper use of HashMap add operations instead of HashMap set operations, related to...