New issue
Advanced search Search tips
Starred by 1 user
Status: Fixed
Owner:
Closed: Apr 2012
Components:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Security

Restricted
  • Only users with EditIssue permission may comment.



Sign in to add a comment
Sandboxed processes should not be able to open other sandboxed processes
Project Member Reported by jsc...@chromium.org, Mar 20 2012 Back to list
By default, sandboxed processes can open other sandboxed processes and manipulate them. Integrity levels and the restricted group prevent reaching into unsandboxed processes. However, it's possible to start a renderer with privileged IPCs, open the process, and manipulate it directly.
 
Comment 1 Deleted
Comment 2 Deleted
Comment 3 Deleted
Comment 4 Deleted
Comment 5 Deleted
Comment 6 Deleted
Comment 7 Deleted
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify Mstone-19 Merge-Approved
Status: FixUnreleased
Good to merge to M19 Beta once it's survived a few more days on dev?
Yeah, I'll do the merge since it might get hairy.
Labels: -Mstone-19 -Merge-Approved Mstone-20
Justin says M20. Seems reasonable!
Labels: CVE-2012-2816
Labels: -Restrict-View-SecurityNotify
Status: Fixed
Project Member Comment 14 by bugdroid1@chromium.org, Oct 13 2012
Labels: Restrict-AddIssueComment-Commit
This issue has been closed for some time. No one will pay attention to new comments.
If you are seeing this bug or have new data, please click New Issue to start a new bug.
Project Member Comment 15 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Type-Security -Area-Internals -Feature-Security -SecImpacts-Stable -SecImpacts-Beta -SecSeverity-Medium -Mstone-20 M-20 Security-Impact-Stable Security-Impact-Beta Cr-Security Security-Severity-Medium Cr-Internals Type-Bug-Security
Project Member Comment 16 by bugdroid1@chromium.org, Mar 14 2013
Labels: -Restrict-AddIssueComment-Commit Restrict-AddIssueComment-EditIssue
Project Member Comment 17 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member Comment 18 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Severity-Medium Security_Severity-Medium
Project Member Comment 19 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member Comment 20 by sheriffbot@chromium.org, Jun 14 2016
Labels: -security_impact-beta
Project Member Comment 21 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 22 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
Sign in to add a comment