Type Confusion Vulnerability in Blink's getHiddenProperty Function
CVE-2015-1230 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
The getHiddenProperty function in bindings/core/v8/V8EventListenerList.h in Blink, as used in Google Chrome before 41.0.2272.76, has a name conflict with the AudioContext class, which allows remote attackers to cause a denial of service or possibly have unspecified other impact via JavaScript code that adds an AudioContext event listener and triggers "type confusion."
Learn more about our Cis Benchmark Audit For Bind.