Use-after-free vulnerability in the Element::detach function in core/dom/Element.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving pending updates of detached elements.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 40.0.2214.85 (including) |