Full Disclosure mailing list archives
1503A - Chrome - ui::AXTree::Unserialize use-after-free
From: Berend-Jan Wever <berendjanwever () gmail com>
Date: Fri, 17 Jul 2015 02:00:35 +0200
T*L;DR* After 60 day deadline has passed, I am releasing details on an unfixed use-after-free vulnerability in Chrome's accessibility features, which are disabled by default. The issue does not look exploitable. *More details* http://berendjanwever.blogspot.nl/2015/07/1503a-chrome-uiaxtreeunserialize-use.html *Chromium bug*https://code.google.com/p/chromium/issues/detail?id=479743 Cheers, SkyLined ---- Gratuitous ASCII --------------------------------------------------------- db db SOMEBODYb SETUPUS SS SS SS db db db CSb, db CD CD SS SS ;S; CTHEBOMBSb ,SY' CMOVEZIGb ,SY' `" SS_ SS SS ,SP SS SS _qSS" SP _qSS" iD SSSSb,_ SS SS dSYb iS' SS CS7"SS ,SP` CS7"SS ,SS` SS `'*YD YP YP dS' Yb ,S* SP SS _,S7' SS _,dSP' SS 4S' YD C* CSP` YP CS7"` YP CS7' YP CD CD for great justice _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- 1503A - Chrome - ui::AXTree::Unserialize use-after-free Berend-Jan Wever (Jul 17)