Update example bug for browser memory corruption in severity guidelines
319125 is a straightforward browser memory corruption bug where an IPC handler blindly trusts data from the renderer, forgetting that one of the types of data that can be set is a raw pointer ^_^

Change-Id: I14a37f1882c06edc56e5d4d2f7c1d0444869bec4
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1790480
Commit-Queue: Daniel Cheng <dcheng@chromium.org>
Reviewed-by: Max Moroz <mmoroz@chromium.org>
Reviewed-by: Emily Stark <estark@chromium.org>
Cr-Commit-Position: refs/heads/master@{#694943}
@ -37,7 +37,7 @@ if there is evidence of active exploitation.
|
||||
|
||||
Example bugs:
|
||||
|
||||
* Memory corruption in the browser process ([564501](https://crbug.com/564501)).
|
||||
* Memory corruption in the browser process ([319125](https://crbug.com/319125#c10)).
|
||||
* Exploit chains made up of multiple bugs that can lead to code execution
|
||||
outside of the sandbox ([416449](https://crbug.com/416449)).
|
||||
* A bug that enables web content to read local files
|
||||
|
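Review bot: The replacement bullet for 319125 links to a specific comment (`#c10`) while the neighbouring entries (564501, 416449) link to the bug itself, and the bullet text stays the generic "Memory corruption in the browser process", so a reader of the guidelines cannot tell why this bug is the example or why they land mid-thread. Consider carrying the one-line characterisation from the commit message into the bullet, for instance noting that an IPC handler trusted renderer-supplied data that could include a raw pointer, and either link to the top of the bug or say that comment 10 holds the analysis.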