Chrome Blink SpeechRecognitionController Use-After-Free

Posted by deepcore on November 24, 2016 – 4:16 am

A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Linux Kernel 2.6.x pipe.c Privilege Escalation Crestron AM-100 1.2.1 Path Traversal / Hard-Coded Credentials »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Chrome Blink SpeechRecognitionController Use-After-Free

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL