Note:
This project will be discontinued after December 13, 2021. [more]
2018-01-09
The Google V8 engine, as used in Google Chrome before 44.0.2403.89 and QtWebEngineCore in Qt before 5.5.1, allows remote attackers to cause a denial of service (memory corruption) or execute arbitrary code via a crafted web site.
| Products | Chrome, Leap, Qt |
| Type | Improper Restriction of Operations within the Bounds of a Memory Buffer (CWE-119) |
| First patch | - None (likely due to unavailable code) |
| Links |
• https://bugs.chromium.org/p/chromium/issues/detail?id=505374
• http://www.nsfocus.net/index.php?act=advisory&do=view&adv_id=80 • https://codereview.chromium.org/1233453004 • http://code.qt.io/cgit/qt/qtwebengine.git/tree/dist/changes-5.5.1 • http://googlechromereleases.blogspot.com/2015/07/stable-channel-update_21.html |