CVE-2015-1221 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in Blink, as used in Google Chrome before 41.0.2272.76, allows remote attackers to cause a denial of service or possibly have unspecified other impact by leveraging incorrect ordering of operations in the Web SQL Database thread relative to Blinks main thread, related to the shutdown function in web/WebKit.cpp.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	40.0.2214.115 (including)
Supplementary for Red Hat Enterprise Linux 6	RedHat	chromium-browser-0:41.0.2272.76-1.el6_6	*
Chromium-browser	Ubuntu	devel	*
Chromium-browser	Ubuntu	lucid	*
Chromium-browser	Ubuntu	precise	*
Chromium-browser	Ubuntu	trusty	*
Chromium-browser	Ubuntu	upstream	*
Chromium-browser	Ubuntu	utopic	*
Chromium-browser	Ubuntu	vivid	*
Chromium-browser	Ubuntu	wily	*
Oxide-qt	Ubuntu	devel	*
Oxide-qt	Ubuntu	trusty	*
Oxide-qt	Ubuntu	upstream	*
Oxide-qt	Ubuntu	utopic	*
Oxide-qt	Ubuntu	vivid	*
Oxide-qt	Ubuntu	wily	*

References

http://googlechromereleases.blogspot.com/2015/03/stable-channel-update.html
http://rhn.redhat.com/errata/RHSA-2015-0627.html
http://www.securityfocus.com/bid/72901
http://www.ubuntu.com/usn/USN-2521-1
https://code.google.com/p/chromium/issues/detail?id=455368
https://security.gentoo.org/glsa/201503-12
https://src.chromium.org/viewvc/blink?revision=190021\u0026view=revision
https://src.chromium.org/viewvc/blink?revision=190035\u0026view=revision

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1221
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html