Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2013
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security




Issue 180763: PWN2OWN: Bad cast in SVGViewSpec::viewTarget

Reported by jsc...@chromium.org, Mar 7 2013 Project Member

Issue description

Comment 1 by scarybea...@gmail.com, Mar 7 2013

Attachments:
test.html (320 bytes)
test.svg (292 bytes)

Comment 2 by scarybea...@gmail.com, Mar 7 2013

Labels: Restrict-View-Google
Tagging restrict-view-google to be safe. Full exploit coming.

Comment 3 by scarybea...@gmail.com, Mar 7 2013

Attachments:
local.py (624 bytes)
exploit.svg (267 bytes)
exploit.html (27.6 KB)
favicon.ico (2.4 KB)

Comment 4 by infe...@chromium.org, Mar 7 2013

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify Merge-Approved
Status: Fixed
http://trac.webkit.org/changeset/145013

Comment 5 by scarybea...@gmail.com, Mar 7 2013

Labels: -Restrict-View-SecurityNotify Restrict-View-SecurityTeam
Let's keep this one Restrict-View-SecurityTeam indefinitely, please :)

Comment 6 by pdr@chromium.org, Mar 7 2013

Cc: esprehn@chromium.org

Comment 7 by jsc...@chromium.org, Mar 7 2013

Cc: taviso@chromium.org

Comment 8 by fjserna@google.com, Mar 7 2013

Cc: fjserna@google.com

Comment 9 by jsc...@chromium.org, Mar 7 2013

Cc: thomasdu...@google.com

Comment 10 by infe...@chromium.org, Mar 7 2013

Labels: CVE-2013-0912

Comment 11 by bugdroid1@chromium.org, Mar 10 2013

Project Member
Labels: -Type-Security -Area-WebKit -WebKit-SVG -SecImpacts-Stable -SecImpacts-Beta -SecSeverity-High Cr-Content Security-Impact-Stable Security-Impact-Beta Cr-Content-SVG Security-Severity-High Type-Bug-Security

Comment 12 by scarybea...@gmail.com, Mar 12 2013

Labels: -Merge-Approved Merge-Merged Release-2
M25 was http://trac.webkit.org/changeset/145015
M26 was http://trac.webkit.org/changeset/145016

Comment 13 by bugdroid1@chromium.org, Mar 21 2013

Project Member
Labels: -Security-Severity-High Security_Severity-High

Comment 14 by bugdroid1@chromium.org, Mar 21 2013

Project Member
Labels: -Security-Impact-Stable Security_Impact-Stable

Comment 15 by bugdroid1@chromium.org, Mar 21 2013

Project Member
Labels: -Security-Impact-Beta Security_Impact-Beta

Comment 16 by bugdroid1@chromium.org, Apr 5 2013

Project Member
Labels: -Cr-Content Cr-Blink

Comment 17 by bugdroid1@chromium.org, Apr 6 2013

Project Member
Labels: -Cr-Content-SVG Cr-Blink-SVG

Comment 18 by jsc...@chromium.org, Apr 11 2013

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Bulk edit for SecurityNotify.

Comment 19 by jsc...@chromium.org, Nov 18 2013

Labels: -Restrict-View-SecurityNotify
Bulk release of old security bug reports.

Comment 20 by cevans@chromium.org, Feb 12 2014

Labels: -Restrict-View-Google

Comment 21 by sheriffbot@chromium.org, Jun 14 2016

Project Member
Labels: -security_impact-beta

Comment 22 by sheriffbot@chromium.org, Oct 1 2016

Project Member
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 23 by sheriffbot@chromium.org, Oct 2 2016

Project Member
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 24 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Comment 25 by awhalley@chromium.org, Apr 25 2018

Labels: CVE_description-submitted

Comment 26 by sheriffbot@chromium.org, Jul 29 2018

Project Member
Labels: -Pri-0 Pri-1
