Chrome suffers from a state tracking issue in RenderFrameHostImpl that leads to a use-after-free vulnerability. Continue reading...