10 matches found
CVE-2025-48634
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48634
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48634
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2025-48634
The CVE-2025-48634 entry involves Android’s WindowManagerService relayoutWindow where a missing permission check enables a local elevation-of-privilege (EoP) attack. The vulnerability can be exploited with no user interaction and does not require additional execution privileges. Connected documen...
ASB-A-406243581
In relayoutWindow of WindowManagerService.java, there is a possible tapjack attack due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
SUSE CVE-2015-1228
The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service...
CVE-2016-1644
WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted HTML document...
chromium-browser: use-after-free in Blink
WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service use-after-free or possibly have unspecified other impact via a crafted HTML document...
Google Chrome CSS Token Sequence Denial of Service Vulnerability
Google Chrome is a popular WEB browser. The 'RenderCounter::updateCounter' function in the core/rendering/RenderCounter.cpp file in Blink used by Google Chrome has a security vulnerability due to the program's failure to Because the program fails to enforce relayout operations and fails to proper...
UBUNTU-CVE-2015-1228
The RenderCounter::updateCounter function in core/rendering/RenderCounter.cpp in Blink, as used in Google Chrome before 41.0.2272.76, does not force a relayout operation and consequently does not initialize memory for a data structure, which allows remote attackers to cause a denial of service...