Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument
function in core/html/HTMLMediaElement.cpp in Blink, as used in Google
Chrome before 29.0.1547.57, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors involving
moving a (1) AUDIO or (2) VIDEO element between documents.
Updated: 2016-01-26 17:43:24 UTC (commit 10507)