Google Chrome 46.0.2490.71 Heap Memory Corruption Vulnerabilities
11 Jan. 2016
Summary
Use-after-free vulnerability in the CPDFSDK_PageView implementation in fpdfsdk/src/fsdk_mgr.cpp in PDFium, as used in Google Chrome before 46.0.2490.71, allows remote attackers to cause a denial of service (heap memory corruption) or possibly have other impact by leveraging mishandling of a focused annotation in a PDF document.
Credit:
The information has been provided by Mariusz Mlynski, anonymous, Collin Payne, Atte Kettunen of OUSPG, Muneaki Nishimura (nishimunea), lastland.net and Muneaki Nishimura.
Vulnerable Systems:
* Google Chrome before 46.0.2490.71
Immune Systems:
* Google Chrome after 46.0.2490.71
Google Chrome is prone to multiple security vulnerabilities. Attackers can exploit these issues to execute arbitrary code, bypass certain security restrictions, perform unauthorized actions, and gain access to sensitive information that may aid in further attacks.