VulnerabilityCVE-2026-3777CVSS 5.5

The application does not properly validate the lifetime and validity of internal view cache...

GitHub Advisory Database · GitHub Security4/1/2026, 3:31:40 AM
View Original Source

Summary

The application does not properly validate the lifetime and validity of internal view cache pointers after JavaScript changes the document zoom and page state. When a script modifies the zoom property and then triggers a page change, the original view object may be destroyed while stale pointers are still kept and later dereferenced, which under crafted JavaScript and document structures can lead to a use-after-free condition and potentially allow arbitrary code execution.

Metadata

Article ID
#480296
Source
GitHub Advisory Database
Scraped At
4/1/2026, 6:10:20 AM
URL Hash
854ae817deaa8f90…