WebKit/Source/core/layout/LayoutObject.cpp in Blink, as used in Google Chrome before 49.0.2623.87, does not properly restrict relayout scheduling, which allows remote attackers to cause a denial of service (use-after-free) or possibly have unspecified other impact via a crafted HTML document.
History

Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.03265}

epss

{'score': 0.01763}


cve-icon MITRE

Status: PUBLISHED

Assigner: Chrome

Published: 2016-03-13T22:00:00

Updated: 2024-08-05T23:02:12.847Z

Reserved: 2016-01-12T00:00:00

Link: CVE-2016-1644

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Deferred

Published: 2016-03-13T22:59:03.997

Modified: 2025-04-12T10:46:40.837

Link: CVE-2016-1644

cve-icon Redhat

Severity : Important

Publid Date: 2016-03-08T00:00:00Z

Links: CVE-2016-1644 - Bugzilla