Vulnerability Key Information

Vulnerability Type: Use-after-poison (Type: Vulnerability)
Urgency: P1
Severity: S1
Status: Fixed

Report Details

Reporter: cl...@chromium.org
Report Time: May 10, 2019 03:46AM

Technical Details

Detailed Report Link: clusterfuzz.com/testcase?key=5123137526693888
Job Type: linux_asan_chrome_mp
Platform: Linux
Crash Type: Use-after-poison READ 1
Crash Address: 0x7e87dd4ed360
Crash Stack: blink::xpath::Expression::AddSubExpression -> xpathyyparse -> blink::xpath::Parser::ParseStatement
Sanitizer: AddressSanitizer (ASAN)

Provided Resources

Reproducer Testcase: clusterfuzz.com/download?testcase_id=5123137526693888

Additional Information

Reporter Message: This bug was reported over email by bugfense@protonmail.com. It's a UAF in blink/xpath processor.
Acknowledgment: Credit given to BUGFENSE Anonymous Bug Bounties.
Fix Deadline: Patch deadline: 90 days before full disclosure.

The above information helps in understanding the details of this use-after-poison vulnerability and the report-handling process.