
Update example bug for browser memory corruption in severity guidelines

319125 is a straightforward browser memory corruption bug where an IPC
handler blindly trusts data from the renderer, forgetting that one of
the types of data that can be set is a raw pointer ^_^

Change-Id: I14a37f1882c06edc56e5d4d2f7c1d0444869bec4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1790480
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#694943}
Daniel Cheng
2019-09-09 22:15:36 +00:00
committed by Commit Bot
parent 2219572e33
commit 62a44a8fbc

@ -37,7 +37,7 @@ if there is evidence of active exploitation.
Example bugs:
* Memory corruption in the browser process ([564501](https://crbug.com/564501)).
* Memory corruption in the browser process ([319125](https://crbug.com/319125#c10)).
* Exploit chains made up of multiple bugs that can lead to code execution
outside of the sandbox ([416449](https://crbug.com/416449)).
* A bug that enables web content to read local files
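
Review bot: the entry for 319125 links to a single comment (`https://crbug.com/319125#c10`), while the neighbouring example for 416449 links to the bug itself, and the list text still reads only "Memory corruption in the browser process". A reader of the guidelines cannot tell from the document why this bug is the preferred example or why comment 10 is the place to start. Consider adding a short parenthetical to the list item (the commit message's own summary, an IPC handler trusting renderer-supplied data that can include a raw pointer, would do), and confirm the `#c10` anchor is intentional rather than a leftover from copying the URL.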