Use-after-free vulnerability in browser/speech/tts_message_filter.cc in the Speech implementation in Google Chrome before 40.0.2214.91 allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving utterances from a closed tab.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Chrome | * | 40.0.2214.85 (including) |