CVE-2014-1743

Use-after-free vulnerability in the StyleElement::removedFromDocument function in core/dom/StyleElement.cpp in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that triggers tree mutation.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	35.0.1916.0	35.0.1916.0
Chrome	Google	35.0.1916.1	35.0.1916.1
Chrome	Google	35.0.1916.2	35.0.1916.2
Chrome	Google	35.0.1916.3	35.0.1916.3
Chrome	Google	35.0.1916.4	35.0.1916.4
Chrome	Google	35.0.1916.5	35.0.1916.5
Chrome	Google	35.0.1916.6	35.0.1916.6
Chrome	Google	35.0.1916.7	35.0.1916.7
Chrome	Google	35.0.1916.8	35.0.1916.8
Chrome	Google	35.0.1916.9	35.0.1916.9
Chrome	Google	35.0.1916.10	35.0.1916.10
Chrome	Google	35.0.1916.11	35.0.1916.11
Chrome	Google	35.0.1916.13	35.0.1916.13
Chrome	Google	35.0.1916.14	35.0.1916.14
Chrome	Google	35.0.1916.15	35.0.1916.15
Chrome	Google	35.0.1916.17	35.0.1916.17
Chrome	Google	35.0.1916.18	35.0.1916.18
Chrome	Google	35.0.1916.19	35.0.1916.19
Chrome	Google	35.0.1916.20	35.0.1916.20
Chrome	Google	35.0.1916.21	35.0.1916.21
Chrome	Google	35.0.1916.22	35.0.1916.22
Chrome	Google	35.0.1916.23	35.0.1916.23
Chrome	Google	35.0.1916.27	35.0.1916.27
Chrome	Google	35.0.1916.31	35.0.1916.31
Chrome	Google	35.0.1916.32	35.0.1916.32
Chrome	Google	35.0.1916.33	35.0.1916.33
Chrome	Google	35.0.1916.34	35.0.1916.34
Chrome	Google	35.0.1916.35	35.0.1916.35
Chrome	Google	35.0.1916.36	35.0.1916.36
Chrome	Google	35.0.1916.37	35.0.1916.37
Chrome	Google	35.0.1916.38	35.0.1916.38
Chrome	Google	35.0.1916.39	35.0.1916.39
Chrome	Google	35.0.1916.40	35.0.1916.40
Chrome	Google	35.0.1916.41	35.0.1916.41
Chrome	Google	35.0.1916.42	35.0.1916.42
Chrome	Google	35.0.1916.43	35.0.1916.43
Chrome	Google	35.0.1916.44	35.0.1916.44
Chrome	Google	35.0.1916.45	35.0.1916.45
Chrome	Google	35.0.1916.46	35.0.1916.46
Chrome	Google	35.0.1916.47	35.0.1916.47
Chrome	Google	35.0.1916.48	35.0.1916.48
Chrome	Google	35.0.1916.49	35.0.1916.49
Chrome	Google	35.0.1916.51	35.0.1916.51
Chrome	Google	35.0.1916.52	35.0.1916.52
Chrome	Google	35.0.1916.54	35.0.1916.54
Chrome	Google	35.0.1916.56	35.0.1916.56
Chrome	Google	35.0.1916.57	35.0.1916.57
Chrome	Google	35.0.1916.59	35.0.1916.59
Chrome	Google	35.0.1916.61	35.0.1916.61
Chrome	Google	35.0.1916.68	35.0.1916.68
Chrome	Google	35.0.1916.69	35.0.1916.69
Chrome	Google	35.0.1916.71	35.0.1916.71
Chrome	Google	35.0.1916.72	35.0.1916.72
Chrome	Google	35.0.1916.74	35.0.1916.74
Chrome	Google	35.0.1916.77	35.0.1916.77
Chrome	Google	35.0.1916.80	35.0.1916.80
Chrome	Google	35.0.1916.82	35.0.1916.82
Chrome	Google	35.0.1916.84	35.0.1916.84
Chrome	Google	35.0.1916.85	35.0.1916.85
Chrome	Google	35.0.1916.86	35.0.1916.86
Chrome	Google	35.0.1916.88	35.0.1916.88
Chrome	Google	35.0.1916.90	35.0.1916.90
Chrome	Google	35.0.1916.92	35.0.1916.92
Chrome	Google	35.0.1916.93	35.0.1916.93
Chrome	Google	35.0.1916.95	35.0.1916.95
Chrome	Google	35.0.1916.96	35.0.1916.96
Chrome	Google	35.0.1916.98	35.0.1916.98
Chrome	Google	35.0.1916.99	35.0.1916.99
Chrome	Google	35.0.1916.101	35.0.1916.101
Chrome	Google	35.0.1916.103	35.0.1916.103
Chrome	Google	35.0.1916.104	35.0.1916.104
Chrome	Google	35.0.1916.105	35.0.1916.105
Chrome	Google	35.0.1916.106	35.0.1916.106
Chrome	Google	35.0.1916.107	35.0.1916.107
Chrome	Google	35.0.1916.108	35.0.1916.108
Chrome	Google	35.0.1916.109	35.0.1916.109
Chrome	Google	35.0.1916.110	35.0.1916.110
Chrome	Google	35.0.1916.111	35.0.1916.111
Chrome	Google	35.0.1916.112	35.0.1916.112
Chrome	Google	*	35.0.1916.113
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	precise	*
Chromium-browser	Ubuntu	quantal	*
Chromium-browser	Ubuntu	saucy	*
Chromium-browser	Ubuntu	trusty	*
Chromium-browser	Ubuntu	upstream	*
Oxide-qt	Ubuntu	devel	*
Oxide-qt	Ubuntu	trusty	*
Oxide-qt	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2014-1743
CWE	https://cwe.mitre.org/data/definitions/399.html

Affected Software

References