Common Vulnerabilities and Exposures assigned an identifier CVE-2015-1205 to the following vulnerability: Name: CVE-2015-1205 URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1205 Assigned: 20150121 Reference: https://code.google.com/p/chromium/issues/detail?id=449894 Multiple unspecified vulnerabilities in Google Chrome before 40.0.2214.91 allow attackers to cause a denial of service or possibly have other impact via unknown vectors.
Upstream bug linked in comment 0 contains long list of other upstream bugs for random fixes applied in this Chrome update. One of the issues is: https://code.google.com/p/chromium/issues/detail?id=432209 This bug is currently non-public, but it can be tracked to the following ICU change using the bug id: https://chromium.googlesource.com/chromium/deps/icu/+/dd727641e190d60e4593bcb3a35c7f51eb4925c5 Chrome commit identifies ICU upstream bug, which is also non-public. ICU upstream bug and commit links: http://bugs.icu-project.org/trac/ticket/11371 http://bugs.icu-project.org/trac/changeset/36801 "Improved checking of regular expression pattern size limits."
Removing ICU affects. The ICU issue mentioned in comment 1 got separate CVE assignment - CVE-2014-9654, see bug 1190129.
In reply to comment #1: > Chrome commit identifies ICU upstream bug, which is also non-public. ICU > upstream bug and commit links: > > http://bugs.icu-project.org/trac/ticket/11371 > http://bugs.icu-project.org/trac/changeset/36801 > "Improved checking of regular expression pattern size limits." ICU upstream migrated to Jira for bug tracking and git for source code. Matching links are: https://unicode-org.atlassian.net/browse/ICU-11371 https://github.com/unicode-org/icu/commit/63758dca88e784a69467158a99f8903f8c30fa6d