漏洞关键信息 报告者: cl...@chromium.org 类型: Vulnerability 优先级: P1 严重性: S2 状态: Fixed 访问权限: 默认访问 标签: - Stability-Memory-AddressSanitizer - ClusterFuzz - Security_Impact-Stable 组件: - Blink>Layout 描述 详细报告: 链接 模糊测试器: Inferno_twister 作业类型: Linux_asan_content_shell_drt 崩溃类型: Heap-use-after-free READ 8 崩溃地址: 0x60d00009bc30 崩溃状态: - 崩溃堆栈: - WebCore::RenderTreeBuilder::createRendererForElementIfNeeded - WebCore::Element::attach - 释放堆栈: - WebCore::RenderObjectChildList::destroyLeftoverChildren - WebCore::RenderBlock::willBeDestroyed 退化版本: 链接 最小化测试用例(2.31KB): 链接 跟踪 无更新。已分配给 ph...@opera.com 进行修复。