Launchpad CVE tracker

CVE 2014-3191

Use-after-free vulnerability in Blink, as used in Google Chrome before 38.0.2125.101, allows remote attackers to cause a denial of service or possibly have unspecified other impact via crafted JavaScript code that triggers a widget-position update that improperly interacts with the render tree, related to the FrameView::updateLayoutAndStyleForPainting function in core/frame/FrameView.cpp and the RenderLayerScrollableArea::setScrollOffset function in core/rendering/RenderLayerScrollableArea.cpp.

Related bugs and status

CVE-2014-3191 (Candidate) is related to these bugs:

Bug #1310163: chromium-browser with multiple tabs crashes on startup in KDE environment

Summary				In	Importance	Status
	1310163	chromium-browser with multiple tabs crashes on startup in KDE environment		chromium-browser (Ubuntu)	High	Fix Released
	1310163	chromium-browser with multiple tabs crashes on startup in KDE environment		Chromium Browser	Unknown	Unknown

Bug #1373802: Regression: chromium-browser no longer loads policies in 37.0.2062.120-0ubuntu0.14.04.1~pkg1049

Summary				In	Importance	Status
	1373802	Regression: chromium-browser no longer loads policies in 37.0.2062.120-0ubuntu0.14.04.1~pkg1049		chromium-browser (Ubuntu)	Critical	Fix Released

Bug #1381644: CHROMIUM_USER_FLAGS environment variable is ignored

Summary				In	Importance	Status
	1381644	CHROMIUM_USER_FLAGS environment variable is ignored		chromium-browser (Ubuntu)	High	Fix Released

Bug #1386455: Chromium 37 has 159 known security issues

Summary				In	Importance	Status
	1386455	Chromium 37 has 159 known security issues		chromium-browser (Ubuntu)	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2014-3191

References