Google Chrome and Apple Safari Run-in Handling Use After Free
TSL ID TSL20120423-07
CVE ID(s) CVE-2011-3068
Severity High
Description

A code execution vulnerability exists in Apple Safari and Google Chrome. The vulnerability is due to a use-after-free condition in the handling of run-in boxes (CSS `display: run-in`).

A remote, unauthenticated attacker can exploit this vulnerability by enticing a user to visit a malicious web site. Successful exploitation results in memory corruption and possibly arbitrary code execution in the context of the affected user. If code execution is unsuccessful, the application may terminate abnormally.

Google has released an advisory and a new version of Chrome to address this vulnerability:

http://googlechromereleases.blogspot.ca/2012/04/stable-and-beta-channel-updates.html

A new version of Safari addressing this vulnerability is not yet available.

Affected Products
  • Apple Computer Safari 5.x prior to 5.1.4
  • Google Chrome prior to 18.0.1025.151
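A small version check for the two affected ranges listed above, written for this page as an added example (it is not part of the advisory and not vendor code). The ranges are taken from the Affected Products list; the `extract_version` helper and the input strings it parses are assumptions for illustration, e.g. the text printed by `google-chrome --version`.

```python
"""Check a product version against this advisory's affected ranges.

Added example, not part of the advisory. Affected ranges are copied from
the Affected Products section: Safari 5.x prior to 5.1.4 and Chrome prior
to 18.0.1025.151.
"""
import re
from typing import Optional, Tuple

# product -> (restricted major branch or None, first fixed version)
# Safari is only listed as affected on the 5.x branch; Chrome has no branch
# restriction, every version below the fixed release is affected.
AFFECTED: dict = {
    "safari": (5, (5, 1, 4)),
    "chrome": (None, (18, 0, 1025, 151)),
}

VERSION_RE = re.compile(r"\d+(?:\.\d+)+")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '18.0.1025.151' into (18, 0, 1025, 151) so tuples compare numerically.

    A plain string comparison would wrongly rank '9.0' above '18.0'.
    """
    return tuple(int(part) for part in text.strip().split("."))


def extract_version(line: str) -> Optional[str]:
    """Pull the first dotted version out of free text such as
    'Google Chrome 18.0.1025.142' (assumed input format for illustration)."""
    match = VERSION_RE.search(line)
    return match.group(0) if match else None


def is_affected(product: str, version: str) -> bool:
    """Return True if `version` of `product` falls in the advisory's affected range."""
    branch, fixed = AFFECTED[product.lower()]
    current = parse_version(version)
    if branch is not None and current[0] != branch:
        # Only the listed major branch is covered by the advisory.
        return False
    # Tuple comparison handles differing lengths: (5, 1) < (5, 1, 4) is True.
    return current < fixed


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for product, banner in [
        ("chrome", "Google Chrome 18.0.1025.142"),
        ("chrome", "Google Chrome 18.0.1025.151"),
        ("safari", "Safari 5.1.2"),
        ("safari", "Safari 5.1.4"),
    ]:
        ver = extract_version(banner)
        print(f"{product} {ver}: {'AFFECTED' if ver and is_affected(product, ver) else 'not affected'}")
```

The check deliberately treats the fixed release itself as not affected and leaves anything outside the listed Safari 5.x branch alone rather than guessing about versions the advisory does not mention.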
CVSS Score
Base 6.8 (AV:N/AC:M/Au:N/C:P/I:P/A:P):
  • Access vector is NETWORK
  • Access complexity is MEDIUM
  • Level of authentication required is NONE
  • Impact of this vulnerability on data confidentiality is PARTIAL
  • Impact of this vulnerability on data integrity is PARTIAL
  • Impact of this vulnerability on data availability is PARTIAL
Temporal 5.3 (E:POC/RL:OF/RC:C):
  • The exploitability level of this vulnerability is PROOF OF CONCEPT
  • The remediation level of this vulnerability is OFFICIAL FIX
  • The report confidence level of this vulnerability is CONFIRMED
Identifiers
OSVDB
References
http://googlechromereleases.blogspot.ca/2012/04/stable-and-beta-channel-updates.html
http://trac.webkit.org/browser/trunk/LayoutTests/fast/runin/run-in-layer-not-removed-crash.html?rev=111263