Use-after-free vulnerability in the HTMLMediaElement::didMoveToNewDocument
function in core/html/HTMLMediaElement.cpp in Blink, as used in Google
Chrome before 29.0.1547.57, allows remote attackers to cause a denial of
service or possibly have unspecified other impact via vectors involving
moving a (1) AUDIO or (2) VIDEO element between documents.
Updated: 2015-07-29 20:41:44 UTC (commit 9756)