Titolo: Chrome Blink SpeechRecognitionController Use-After-Free Exploit 
Categoria: dos / poc
Piattaforma: multiple
A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.

# 0day.today @ http://0day.today/