c438b93f18
There are use cases of webview where the container holding the webview is not actually destroyed first, instead just webview gets removed from DOM, in such situations the browser process map is not updated accordingly and holds reference to stale guest contents, and any window operations like scroll, resize or keyboard events that has to chain through browser embedder will lead to UAF crash. Ref: https://github.com/microsoft/vscode/issues/92420 |
||
---|---|---|
.. | ||
browser | ||
common | ||
isolated_renderer | ||
renderer | ||
sandboxed_renderer | ||
worker |