Launchpad.net

CVE 2014-7929

Use-after-free vulnerability in the HTMLScriptElement::didMoveToNewDocument function in core/html/HTMLScriptElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 40.0.2214.91, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors involving movement of a SCRIPT element across documents.

Related bugs and status

CVE-2014-7929 (Candidate) is related to these bugs:

Bug #1378627: chromium-browser crashed with SIGSEGV

		In	Importance	Status
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Ubuntu)	Medium	Fix Released
1378627	chromium-browser crashed with SIGSEGV	Chromium Browser	Unknown	Unknown
1378627	chromium-browser crashed with SIGSEGV	Mesa	Medium	Won't Fix
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Debian)	Unknown	Fix Released
1378627	chromium-browser crashed with SIGSEGV	chromium-browser (Fedora)	Undecided	Won't Fix

Bug #1398900: No search suggestions in chromium omnibox

Summary				In	Importance	Status
	1398900	No search suggestions in chromium omnibox		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1414753: Chromium browser 39.0.2171.65 does not load policies

Summary				In	Importance	Status
	1414753	Chromium browser 39.0.2171.65 does not load policies		chromium-browser (Ubuntu)	Undecided	Fix Released

Bug #1415555: error while loading shared libraries: libui_base.so

Summary				In	Importance	Status
	1415555	error while loading shared libraries: libui_base.so		chromium-browser (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://googlechromerel...
CONFIRM: https://code.google.co...
SECUNIA: 62575
GENTOO: GLSA-201502-13
UBUNTU: USN-2476-1
REDHAT: RHSA-2015:0093
SUSE: openSUSE-SU-2015:0441
BID: 72288
SECTRACK: 1031623
SECUNIA: 62383
SECUNIA: 62665
CONFIRM: https://src.chromium.o...