WebKit contains a typecasting flaw in the 'CalendarPickerElement::defaultEventHandler' function in WebCore/html/shadow/CalendarPickerElement.cpp when an event changes the input type for a calendar picker indicator when e.g. clicked. With a specially crafted web page, a context-dependent attacker can corrupt memory to cause a denial of service or potentially execute arbitrary code.
Loss of Integrity,
The vendor has released a patch to address this vulnerability. There are no known workarounds or upgrades to correct this issue. Check the vendor advisory, changelog, or solution in the references section for details.
Upgrade to Google Chrome version 21.0.1180.57 or higher for Mac and Linux or 21.0.1180.60 or higher for Windows and Chrome Frame, as they have been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.