WebKit - 'WebCore::Style::TreeResolver::styleForElement' Use-After-Free

function eventhandler1 try txt.appendChildkg; catche function eventhandler2 try anim.appendChildkg; catche function eventhandler3 try table.scrollIntoViewtrue; catche a !-- ================================================================= ASan log:...

CVE-2016-1634

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted...

Design/Logic Flaw

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted...

CVE-2016-1634

Removed by vendor...

CVE-2016-1634

CVE-2016-1634 is a use-after-free in Blink’s StyleResolver::appendCSSStyleSheet (WebKit/Blink) used by Google Chrome prior to 49.0.2623.75. The vulnerability allows a remote attacker to cause a denial of service (DoS) or potentially other impact via a crafted page triggering CSS style invalidatio...

CVE-2016-1634

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted...

CVE-2016-1634

Use-after-free vulnerability in the StyleResolver::appendCSSStyleSheet function in WebKit/Source/core/css/resolver/StyleResolver.cpp in Blink, as used in Google Chrome before 49.0.2623.75, allows remote attackers to cause a denial of service or possibly have unspecified other impact via a crafted...