CVE-2015-1245 | Vulnerability Database | Aqua Security

Use-after-free vulnerability in the OpenPDFInReaderView::Update function in browser/ui/views/location_bar/open_pdf_in_reader_view.cc in Google Chrome before 41.0.2272.76 might allow user-assisted remote attackers to cause a denial of service (heap memory corruption) or possibly have unspecified other impact by triggering interaction with a PDFium Open PDF in Reader button that has an invalid tab association.

Affected Software

Name	Vendor	Start Version	End Version
Chrome	Google	*	41.0.2272.74 (including)

References

http://googlechromereleases.blogspot.com/2015/04/stable-channel-update_14.html
http://lists.opensuse.org/opensuse-updates/2015-04/msg00040.html
http://lists.opensuse.org/opensuse-updates/2015-11/msg00024.html
http://rhn.redhat.com/errata/RHSA-2015-0816.html
http://www.debian.org/security/2015/dsa-3238
http://www.securitytracker.com/id/1032209
https://code.google.com/p/chromium/issues/detail?id=444957
https://codereview.chromium.org/831283002
https://security.gentoo.org/glsa/201506-04

NVD	https://nvd.nist.gov/vuln/detail/CVE-2015-1245
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html