The host is installed with Google Chrome before 41.0.2272.76 and is prone to an use-after-free vulnerability. A flaw is present in the V8Window::namedPropertyGetterCustom function in bindings/core/v8/custom/V8WindowCustom.cpp in the V8 bindings in Blink, as used in Google Chrome, which fails to properly handle vectors that trigger a frame detachment. Successful exploitation allows remote attackers ...