N/A

Use-after-free vulnerability in the Document::finishedParsing function in core/dom/Document.cpp in Blink, as used in Google Chrome before 29.0.1547.57, allows remote attackers to cause a denial of service or possibly have unspecified other impact via an onload event that changes an IFRAME element so that its src attribute is no longer an XML document, leading to unintended garbage collection of this document.

N/A

N/A

Google Chrome ‘Document::finishedParsing’函数释放后重用漏洞

Google Chrome是美国谷歌（Google）公司开发的一款Web浏览器。 Google Chrome 29.0.1547.57之前版本所使用的Blink浏览器引擎中的core/dom/Document.cpp文件中的‘Document::finishedParsing’函数中存在释放后重用漏洞。远程攻击者可借助修改IFRAME元素的装载事件使XML文档不在包含src属性，导致作为垃圾文档被收集，可利用该漏洞构建恶意网页，诱使用户解析，可使应用程序崩溃或执行任意代码。

N/A

N/A