WebKit contains a use-after-free error in the 'ContainerNode::removeChild' function in dom/ContainerNode.cpp that is triggered when handling post-removal notifications. With a specially crafted web page, a context-dependent attacker can dereference already freed memory and potentially execute arbitrary code.
Loss of Integrity
It has been reported that this issue has been fixed. Upgrade to version 1.8.0, or higher, to address this vulnerability.
Upgrade to Google Chrome version 17.0.963.65 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.