Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Chrome | * | 35.0.1916.113 (including) | |
| Chrome | 35.0.1916.0 (including) | 35.0.1916.0 (including) | |
| Chrome | 35.0.1916.1 (including) | 35.0.1916.1 (including) | |
| Chrome | 35.0.1916.2 (including) | 35.0.1916.2 (including) | |
| Chrome | 35.0.1916.3 (including) | 35.0.1916.3 (including) | |
| Chrome | 35.0.1916.4 (including) | 35.0.1916.4 (including) | |
| Chrome | 35.0.1916.5 (including) | 35.0.1916.5 (including) | |
| Chrome | 35.0.1916.6 (including) | 35.0.1916.6 (including) | |
| Chrome | 35.0.1916.7 (including) | 35.0.1916.7 (including) | |
| Chrome | 35.0.1916.8 (including) | 35.0.1916.8 (including) | |
| Chrome | 35.0.1916.9 (including) | 35.0.1916.9 (including) | |
| Chrome | 35.0.1916.10 (including) | 35.0.1916.10 (including) | |
| Chrome | 35.0.1916.11 (including) | 35.0.1916.11 (including) | |
| Chrome | 35.0.1916.13 (including) | 35.0.1916.13 (including) | |
| Chrome | 35.0.1916.14 (including) | 35.0.1916.14 (including) | |
| Chrome | 35.0.1916.15 (including) | 35.0.1916.15 (including) | |
| Chrome | 35.0.1916.17 (including) | 35.0.1916.17 (including) | |
| Chrome | 35.0.1916.18 (including) | 35.0.1916.18 (including) | |
| Chrome | 35.0.1916.19 (including) | 35.0.1916.19 (including) | |
| Chrome | 35.0.1916.20 (including) | 35.0.1916.20 (including) | |
| Chrome | 35.0.1916.21 (including) | 35.0.1916.21 (including) | |
| Chrome | 35.0.1916.22 (including) | 35.0.1916.22 (including) | |
| Chrome | 35.0.1916.23 (including) | 35.0.1916.23 (including) | |
| Chrome | 35.0.1916.27 (including) | 35.0.1916.27 (including) | |
| Chrome | 35.0.1916.31 (including) | 35.0.1916.31 (including) | |
| Chrome | 35.0.1916.32 (including) | 35.0.1916.32 (including) | |
| Chrome | 35.0.1916.33 (including) | 35.0.1916.33 (including) | |
| Chrome | 35.0.1916.34 (including) | 35.0.1916.34 (including) | |
| Chrome | 35.0.1916.35 (including) | 35.0.1916.35 (including) | |
| Chrome | 35.0.1916.36 (including) | 35.0.1916.36 (including) | |
| Chrome | 35.0.1916.37 (including) | 35.0.1916.37 (including) | |
| Chrome | 35.0.1916.38 (including) | 35.0.1916.38 (including) | |
| Chrome | 35.0.1916.39 (including) | 35.0.1916.39 (including) | |
| Chrome | 35.0.1916.40 (including) | 35.0.1916.40 (including) | |
| Chrome | 35.0.1916.41 (including) | 35.0.1916.41 (including) | |
| Chrome | 35.0.1916.42 (including) | 35.0.1916.42 (including) | |
| Chrome | 35.0.1916.43 (including) | 35.0.1916.43 (including) | |
| Chrome | 35.0.1916.44 (including) | 35.0.1916.44 (including) | |
| Chrome | 35.0.1916.45 (including) | 35.0.1916.45 (including) | |
| Chrome | 35.0.1916.46 (including) | 35.0.1916.46 (including) | |
| Chrome | 35.0.1916.47 (including) | 35.0.1916.47 (including) | |
| Chrome | 35.0.1916.48 (including) | 35.0.1916.48 (including) | |
| Chrome | 35.0.1916.49 (including) | 35.0.1916.49 (including) | |
| Chrome | 35.0.1916.51 (including) | 35.0.1916.51 (including) | |
| Chrome | 35.0.1916.52 (including) | 35.0.1916.52 (including) | |
| Chrome | 35.0.1916.54 (including) | 35.0.1916.54 (including) | |
| Chrome | 35.0.1916.56 (including) | 35.0.1916.56 (including) | |
| Chrome | 35.0.1916.57 (including) | 35.0.1916.57 (including) | |
| Chrome | 35.0.1916.59 (including) | 35.0.1916.59 (including) | |
| Chrome | 35.0.1916.61 (including) | 35.0.1916.61 (including) | |
| Chrome | 35.0.1916.68 (including) | 35.0.1916.68 (including) | |
| Chrome | 35.0.1916.69 (including) | 35.0.1916.69 (including) | |
| Chrome | 35.0.1916.71 (including) | 35.0.1916.71 (including) | |
| Chrome | 35.0.1916.72 (including) | 35.0.1916.72 (including) | |
| Chrome | 35.0.1916.74 (including) | 35.0.1916.74 (including) | |
| Chrome | 35.0.1916.77 (including) | 35.0.1916.77 (including) | |
| Chrome | 35.0.1916.80 (including) | 35.0.1916.80 (including) | |
| Chrome | 35.0.1916.82 (including) | 35.0.1916.82 (including) | |
| Chrome | 35.0.1916.84 (including) | 35.0.1916.84 (including) | |
| Chrome | 35.0.1916.85 (including) | 35.0.1916.85 (including) | |
| Chrome | 35.0.1916.86 (including) | 35.0.1916.86 (including) | |
| Chrome | 35.0.1916.88 (including) | 35.0.1916.88 (including) | |
| Chrome | 35.0.1916.90 (including) | 35.0.1916.90 (including) | |
| Chrome | 35.0.1916.92 (including) | 35.0.1916.92 (including) | |
| Chrome | 35.0.1916.93 (including) | 35.0.1916.93 (including) | |
| Chrome | 35.0.1916.95 (including) | 35.0.1916.95 (including) | |
| Chrome | 35.0.1916.96 (including) | 35.0.1916.96 (including) | |
| Chrome | 35.0.1916.98 (including) | 35.0.1916.98 (including) | |
| Chrome | 35.0.1916.99 (including) | 35.0.1916.99 (including) | |
| Chrome | 35.0.1916.101 (including) | 35.0.1916.101 (including) | |
| Chrome | 35.0.1916.103 (including) | 35.0.1916.103 (including) | |
| Chrome | 35.0.1916.104 (including) | 35.0.1916.104 (including) | |
| Chrome | 35.0.1916.105 (including) | 35.0.1916.105 (including) | |
| Chrome | 35.0.1916.106 (including) | 35.0.1916.106 (including) | |
| Chrome | 35.0.1916.107 (including) | 35.0.1916.107 (including) | |
| Chrome | 35.0.1916.108 (including) | 35.0.1916.108 (including) | |
| Chrome | 35.0.1916.109 (including) | 35.0.1916.109 (including) | |
| Chrome | 35.0.1916.110 (including) | 35.0.1916.110 (including) | |
| Chrome | 35.0.1916.111 (including) | 35.0.1916.111 (including) | |
| Chrome | 35.0.1916.112 (including) | 35.0.1916.112 (including) |