New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 1 user

Issue metadata

Status: Fixed
Owner:
Email to this user bounced
Closed: Feb 2013
Cc:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 1
Type: Bug-Security



Sign in to add a comment
link

Issue 172573: Compromised renderer can load banned plug-in

Reported by scarybea...@gmail.com, Jan 28 2013

Issue description

If I was going to go about busting out of the Chrome sandbox, I recently reasoned the following:

- Allegedly, Java is installed on 66% of computers (largely independent of browser).
- A Java installation is frequently out of date; we block this situation.
- Even when uptodate, Java is a security nightmare -- it's currently the largest source of severe 0-day attacks in the browser ecosystem. Because of this, we block even an uptodate Java.

So, interestingly, now think about a compromised renderer. A compromised renderer gets to load any plug-in it pleases. This is largely because the decision to block a plug-in or not lives in the renderer -- and this, in turn, is necessitated by the click-to-play.

However, in the event that the browser determines that the status of a plug-in is "blocked" for whetever reason, we can refuse to load the plug-in at the browser side. This is only slightly complicated by the need to handle browser-mediated user authorizations (infobars, right-click menu and page action icon).

So we can become secure against compromised renderers. For example, a compromised renderer now cannot load the Java plug-in by default, unless the user has authorized a site to use Java and the attacker knows what that site is. A majority of users have Java installed yet never use Java. So we can protect those users.
 

Comment 1 by jln@chromium.org, Jan 29 2013

Cc: jln@chromium.org

Comment 2 by bugdroid1@chromium.org, Feb 1 2013

Project Member
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=180103

------------------------------------------------------------------------
r180103 | cevans@chromium.org | 2013-02-01T06:29:31.366788Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/renderer_host/render_message_filter.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_infobar_delegates.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.h?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl_browsertest.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/public/browser/plugin_service_filter.h?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.h?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_data_remover_impl.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.h?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/pepper_flash_settings_helper_impl.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/content_settings/content_setting_bubble_model.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/plugin_info_message_filter_unittest.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/tab_contents/render_view_context_menu.cc?r1=180103&r2=180102&pathrev=180103
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/content_settings/content_settings_browsertest.cc?r1=180103&r2=180102&pathrev=180103

Only permit plug-in loads in the browser if the plug-in isn't blocked or the
user has authorized it with a browser-mediated interaction.

BUG= 172573 
Review URL: https://codereview.chromium.org/12086077
------------------------------------------------------------------------

Comment 3 by bugdroid1@chromium.org, Feb 1 2013

Project Member
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=180110

------------------------------------------------------------------------
r180110 | dbeam@chromium.org | 2013-02-01T07:49:30.947049Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/content_settings/content_setting_bubble_model.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/plugin_info_message_filter_unittest.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/tab_contents/render_view_context_menu.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/content_settings/content_settings_browsertest.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/renderer_host/render_message_filter.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_infobar_delegates.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.h?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl_browsertest.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/public/browser/plugin_service_filter.h?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.h?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_data_remover_impl.cc?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.h?r1=180110&r2=180109&pathrev=180110
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/pepper_flash_settings_helper_impl.cc?r1=180110&r2=180109&pathrev=180110

Broke ContentSettingBubbleModelTest.Plugins on Android.

Revert 180103 - Only permit plug-in loads in the browser if the plug-in isn't blocked or the
user has authorized it with a browser-mediated interaction.

BUG= 172573 
Review URL: https://codereview.chromium.org/12086077

TBR=cevans@chromium.org
Review URL: https://chromiumcodereview.appspot.com/12114045
------------------------------------------------------------------------

Comment 4 by bugdroid1@chromium.org, Feb 1 2013

Project Member
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=180159

------------------------------------------------------------------------
r180159 | cevans@chromium.org | 2013-02-01T18:20:54.618483Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_data_remover_impl.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.h?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/pepper_flash_settings_helper_impl.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/ui/content_settings/content_setting_bubble_model.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/plugin_info_message_filter_unittest.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/tab_contents/render_view_context_menu.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/content_settings/content_settings_browsertest.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/renderer_host/render_message_filter.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_infobar_delegates.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.h?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl_browsertest.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/public/browser/plugin_service_filter.h?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.cc?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.h?r1=180159&r2=180158&pathrev=180159
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.cc?r1=180159&r2=180158&pathrev=180159

Only permit plug-in loads in the browser if the plug-in isn't blocked or the
user has authorized it with a browser-mediated interaction.

(Reland https://codereview.chromium.org/12086077 with Android test tweak)

BUG= 172573 
R=jam@chromium.org
Review URL: https://codereview.chromium.org/12092107
------------------------------------------------------------------------

Comment 5 by scarybea...@gmail.com, Feb 1 2013

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify Merge-Approved
Status: Fixed
Damn thing is gonna stick this time.

Comment 6 by bugdroid1@chromium.org, Feb 5 2013

Project Member
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=180600

------------------------------------------------------------------------
r180600 | cevans@chromium.org | 2013-02-05T01:35:58.748782Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/plugin_info_message_filter_unittest.cc?r1=180600&r2=180599&pathrev=180600
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.h?r1=180600&r2=180599&pathrev=180600
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/renderer_host/render_message_filter.cc?r1=180600&r2=180599&pathrev=180600
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.cc?r1=180600&r2=180599&pathrev=180600
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl_browsertest.cc?r1=180600&r2=180599&pathrev=180600
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/public/browser/plugin_service_filter.h?r1=180600&r2=180599&pathrev=180600
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.cc?r1=180600&r2=180599&pathrev=180600
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.h?r1=180600&r2=180599&pathrev=180600
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.cc?r1=180600&r2=180599&pathrev=180600

Follow-on fixes and naming changes for https://codereview.chromium.org/12086077/

BUG= 172573 
Review URL: https://codereview.chromium.org/12177018
------------------------------------------------------------------------

Comment 7 by bugdroid1@chromium.org, Feb 5 2013

Project Member
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=180620

------------------------------------------------------------------------
r180620 | jschuh@chromium.org | 2013-02-05T06:18:37.539654Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.h?r1=180620&r2=180619&pathrev=180620
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.cc?r1=180620&r2=180619&pathrev=180620
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/plugin_info_message_filter_unittest.cc?r1=180620&r2=180619&pathrev=180620
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.h?r1=180620&r2=180619&pathrev=180620
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/renderer_host/render_message_filter.cc?r1=180620&r2=180619&pathrev=180620
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.cc?r1=180620&r2=180619&pathrev=180620
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl_browsertest.cc?r1=180620&r2=180619&pathrev=180620
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/public/browser/plugin_service_filter.h?r1=180620&r2=180619&pathrev=180620
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.cc?r1=180620&r2=180619&pathrev=180620

Revert 180600
> Follow-on fixes and naming changes for https://codereview.chromium.org/12086077/
> 
> BUG= 172573 
> Review URL: https://codereview.chromium.org/12177018

Windows and aura bots are failing, and this is the only CL
in range that had no passing try runs for those tests.
If the bots don't go green, I'll unrevert the revert.

TBR=cevans@chromium.org
Review URL: https://codereview.chromium.org/12210009
------------------------------------------------------------------------

Comment 8 by scarybea...@gmail.com, Feb 5 2013

Hey, I'm online, next time ping me before reverting unless I'm offline. :P

The try run is pretty green, including "win7_aura" and "win". "win_rel" was red because of Julien's tcmalloc change that broke compile. Are you sure you've targeted the CL you meant to?

Comment 9 by bugdroid1@chromium.org, Feb 5 2013

Project Member
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=180700

------------------------------------------------------------------------
r180700 | jschuh@chromium.org | 2013-02-05T15:02:50.947139Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/renderer_host/plugin_info_message_filter_unittest.cc?r1=180700&r2=180699&pathrev=180700
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.h?r1=180700&r2=180699&pathrev=180700
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/renderer_host/render_message_filter.cc?r1=180700&r2=180699&pathrev=180700
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl.cc?r1=180700&r2=180699&pathrev=180700
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/browser/plugin_service_impl_browsertest.cc?r1=180700&r2=180699&pathrev=180700
   M http://src.chromium.org/viewvc/chrome/trunk/src/content/public/browser/plugin_service_filter.h?r1=180700&r2=180699&pathrev=180700
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.cc?r1=180700&r2=180699&pathrev=180700
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/chrome_plugin_service_filter.h?r1=180700&r2=180699&pathrev=180700
   M http://src.chromium.org/viewvc/chrome/trunk/src/chrome/browser/plugins/plugin_info_message_filter.cc?r1=180700&r2=180699&pathrev=180700

Follow-on fixes and naming changes for https://codereview.chromium.org/12086077/

BUG= 172573 
Review URL: https://codereview.chromium.org/12177018
Recommit of: https://codereview.chromium.org/12177018

TBR=cevans@chromium.org
Review URL: https://codereview.chromium.org/12209008
------------------------------------------------------------------------

Comment 10 by scarybea...@gmail.com, Feb 20 2013

Labels: -Mstone-24 -Merge-Approved Mstone-26 Release-0
Merge isn't trivial and this is a bit like a feature and not just a bugfix.
So I'm punting to M26, where this is already release to dev channel.

Comment 11 by scarybea...@gmail.com, Feb 21 2013

Labels: Merge-Approved
Changed my mind again. It's probably an easy way to bust out of the sandbox, using other companies' buggy code (Java springs to mind). This is a nasty bug.

Comment 12 by bugdroid1@chromium.org, Feb 21 2013

Project Member
Labels: -Merge-Approved merge-merged-1364
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=183685

------------------------------------------------------------------------
r183685 | cevans@chromium.org | 2013-02-21T00:55:11.382473Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/plugins/plugin_infobar_delegates.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/content/browser/plugin_service_impl.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/content/browser/plugin_service_impl.h?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/content/browser/plugin_service_impl_browsertest.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/content/public/browser/plugin_service_filter.h?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/content/browser/plugin_data_remover_impl.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/content/browser/pepper_flash_settings_helper_impl.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/ui/content_settings/content_setting_bubble_model.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/chrome_plugin_service_filter.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/chrome_plugin_service_filter.h?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/renderer_host/plugin_info_message_filter_unittest.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/tab_contents/render_view_context_menu.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/renderer_host/plugin_info_message_filter.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/content_settings/content_settings_browsertest.cc?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/renderer_host/plugin_info_message_filter.h?r1=183685&r2=183684&pathrev=183685
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/content/browser/renderer_host/render_message_filter.cc?r1=183685&r2=183684&pathrev=183685

Merge 180159
> Only permit plug-in loads in the browser if the plug-in isn't blocked or the
> user has authorized it with a browser-mediated interaction.
> 
> (Reland https://codereview.chromium.org/12086077 with Android test tweak)
> 
> BUG= 172573 
> R=jam@chromium.org
> Review URL: https://codereview.chromium.org/12092107

TBR=cevans@chromium.org
Review URL: https://codereview.chromium.org/12315023
------------------------------------------------------------------------

Comment 13 by bugdroid1@chromium.org, Feb 21 2013

Project Member
The following revision refers to this bug:
    http://src.chromium.org/viewvc/chrome?view=rev&revision=183687

------------------------------------------------------------------------
r183687 | cevans@chromium.org | 2013-02-21T01:04:43.549439Z

Changed paths:
   M http://src.chromium.org/viewvc/chrome/branches/1364/src/chrome/browser/chrome_plugin_service_filter.cc?r1=183687&r2=183686&pathrev=183687

Merge 180600
> Follow-on fixes and naming changes for https://codereview.chromium.org/12086077/
> 
> BUG= 172573 
> Review URL: https://codereview.chromium.org/12177018

TBR=cevans@chromium.org
------------------------------------------------------------------------

Comment 14 by scarybea...@gmail.com, Feb 21 2013

Labels: -Mstone-26 -Release-0 Mstone-25 Release-1 Merge-Merged
Ok got it.

Comment 15 by scarybea...@gmail.com, Mar 2 2013

Labels: CVE-2013-0910

Comment 16 by bugdroid1@chromium.org, Mar 10 2013

Project Member
Labels: -Type-Security -SecImpacts-Stable -SecImpacts-Beta -SecSeverity-Medium -Mstone-25 Security-Impact-Stable Security-Impact-Beta Security-Severity-Medium M-25 Type-Bug-Security

Comment 17 by bugdroid1@chromium.org, Mar 11 2013

Project Member
Labels: -Area-Undefined

Comment 18 by bugdroid1@chromium.org, Mar 21 2013

Project Member
Labels: -Security-Impact-Stable Security_Impact-Stable

Comment 19 by bugdroid1@chromium.org, Mar 21 2013

Project Member
Labels: -Security-Severity-Medium Security_Severity-Medium

Comment 20 by bugdroid1@chromium.org, Mar 21 2013

Project Member
Labels: -Security-Impact-Beta Security_Impact-Beta

Comment 21 by jsc...@chromium.org, Nov 18 2013

Labels: -Restrict-View-SecurityNotify
Bulk release of old security bug reports.

Comment 22 by timwillis@google.com, Sep 4 2015

Labels: reward-ineligible
marking old scarybeasts bugs as reward-ineligible

Comment 23 by sheriffbot@chromium.org, Jun 14 2016

Project Member
Labels: -security_impact-beta

Comment 24 by sheriffbot@chromium.org, Oct 1 2016

Project Member
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 25 by sheriffbot@chromium.org, Oct 2 2016

Project Member
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 26 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Comment 27 by awhalley@chromium.org, Apr 25 2018

Labels: CVE_description-submitted

Comment 28 by sheriffbot@chromium.org, Jul 29 2018

Project Member
Labels: -Pri-0 Pri-1

Sign in to add a comment