Google Chrome FontData: Bound Function Integer Overflow Vulnerability (CVE-2015-6781)
Google Chrome FontData: Bound Function Integer Overflow Vulnerability (CVE-2015-6781)
Release date:
Updated on:
Affected Systems:
Google Chrome <47.0.2526.73
Description:
CVE (CAN) ID: CVE-2015-6781
Google Chrome is a Web browser tool developed by Google.
In versions earlier than Google Chrome 47.0.2526.73, The FontData: Bound function of data/font_data.cc in Google sfntly has the integer overflow vulnerability. Remote attackers can create an offset value or length value of the font data in the SFNT container, this vulnerability can cause DoS attacks.
<* Source: Google
*>
Suggestion:
Vendor patch:
Google
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://googlechromereleases.blogspot.com/2015/12/stable-channel-update.html
This article permanently updates the link address: