lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 17 Jul 2015 02:00:35 +0200
From: Berend-Jan Wever <berendjanwever@...il.com>
To: Full-disclosure <fulldisclosure@...lists.org>
Subject: [FD] 1503A - Chrome - ui::AXTree::Unserialize use-after-free

T*L;DR*
After 60 day deadline has passed, I am releasing details on an unfixed
use-after-free vulnerability in Chrome's accessibility features, which are
disabled by default. The issue does not look exploitable.

*More details*
http://berendjanwever.blogspot.nl/2015/07/1503a-chrome-uiaxtreeunserialize-use.html


*Chromium bug*https://code.google.com/p/chromium/issues/detail?id=479743

Cheers,

SkyLined

---- Gratuitous ASCII
---------------------------------------------------------


                                                                        db
db
   SOMEBODYb                       SETUPUS                              SS
SS
          SS    db             db                  db CSb,     db CD CD SS
SS
         ;S; CTHEBOMBSb      ,SY' CMOVEZIGb      ,SY'   `"     SS_      SS
SS
        ,SP     SS   SS   _qSS"          SP   _qSS"         iD SSSSb,_  SS
SS
       dSYb    iS'   SS CS7"SS         ,SP` CS7"SS        ,SS` SS `'*YD YP
YP
     dS'  Yb  ,S*    SP     SS      _,S7'       SS    _,dSP'
SS
   4S'     YD C*   CSP`     YP    CS7"`         YP   CS7'      YP       CD
CD


                                                            for great
justice

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists