Use-after-free vulnerability in the SVG implementation in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to cause a denial of service or possibly have unspecified other impact via vectors that trigger removal of an SVGFontFaceElement object, related to core/svg/SVGFontFaceElement.cpp.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "chromium-chromedriver": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029", "chromium-browser-dbg": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029", "chromium-codecs-ffmpeg-dbg": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029", "chromium-codecs-ffmpeg": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029", "chromium-browser": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029", "chromium-codecs-ffmpeg-extra-dbg": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029", "chromium-codecs-ffmpeg-extra": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029", "chromium-browser-l10n": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029", "chromium-chromedriver-dbg": "36.0.1985.125-0ubuntu1.14.04.0~pkg1029" } ] }