Launchpad.net

CVE 2011-1796

Use-after-free vulnerability in the FrameView::calculateScrollbarModesForLayout function in page/FrameView.cpp in WebCore in WebKit in Google Chrome before 11.0.696.65 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via crafted JavaScript code that calls the removeChild method during interaction with a FRAME element.

Related bugs and status

CVE-2011-1796 (Candidate) is related to these bugs:

Bug #778822: 11.0.696.57 -> 11.0.696.65

		In	Importance	Status
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Lucid)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Maverick)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Natty)	High	Fix Released
778822	11.0.696.57 -> 11.0.696.65	chromium-browser (Ubuntu Oneiric)	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-1796

Related bugs and status

Related bugs

References