7.5

CVE-2015-1221

EPSS 0.87%
Published 09.03.2015 00:59:14
Last modified 12.04.2025 10:46:40
Source chrome-cve-admin@google.com
Teams watchlist Login
Open Login

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blink's main thread, related to the shutdown function in web/WebKit.cpp.

Affected products Warnungen 0 Metrics 2 CWE 0 References 11

Data is provided by the National Vulnerability Database (NVD)

Google ≫ Chrome Version <= 40.0.2214.115

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.87%	0.742

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html

http://rhn.redhat.com/errata/RHSA-2015-0627.html

http://www.securityfocus.com/bid/72901

http://www.ubuntu.com/usn/USN-2521-1

https://security.gentoo.org/glsa/201503-12

https://code.google.com/p/chromium/issues/detail?id=455368

https://src.chromium.org/viewvc/blink?revision=190021&view=revision

https://src.chromium.org/viewvc/blink?revision=190035&view=revision

https://nvd.nist.gov/vuln/detail/CVE-2015-1221

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2015-1221

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2015-1221

EUVD