Use-after-free vulnerability in page/Geolocation.cpp in WebCore in WebKit before r59859, as used in Google Chrome before 5.0.375.70, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted web site, related to failure to stop timers associated with geolocation upon deletion of a document.

Threat-Mapped Scoring

Score: 1.9

Priority: P3 - Important (Medium)

• S9 – Sabotage of System/App
• S10 – Denial of Service (+0.1 bonus)

EPSS

Score: 0.01993
Percentile: 0.82843

CVSS Scoring

Mapped CWE(s)

• CWE-416 : Use After Free

Affected Products

• cpe:2.3:a:google:chrome:*:*:*:*:*:*:*:*
• cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:9.10:*:*:*:*:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
• cpe:2.3:o:canonical:ubuntu_linux:10.10:*:*:*:*:*:*:*
• cpe:2.3:o:opensuse:opensuse:11.2:*:*:*:*:*:*:*
• cpe:2.3:o:opensuse:opensuse:11.3:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:12:*:*:*:*:*:*:*
• cpe:2.3:o:fedoraproject:fedora:13:*:*:*:*:*:*:*

← Back to Home