Project: chromium Issues People Development process History Sign in
New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Issue 180763 PWN2OWN: Bad cast in SVGViewSpec::viewTarget
Starred by 2 users Project Member Reported by jsc...@chromium.org, Mar 7 2013 Back to list
Status: Fixed
Owner:
Closed: Mar 2013
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 0
Type: Bug-Security



Sign in to add a comment
test.html
320 bytes View Download
test.svg
292 bytes Download
Labels: Restrict-View-Google
Tagging restrict-view-google to be safe. Full exploit coming.
local.py
624 bytes View Download
exploit.svg
267 bytes Download
exploit.html
27.6 KB View Download
favicon.ico
2.4 KB Download
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify Merge-Approved
Status: Fixed
http://trac.webkit.org/changeset/145013
Labels: -Restrict-View-SecurityNotify Restrict-View-SecurityTeam
Let's keep this one Restrict-View-SecurityTeam indefinitely, please :)
Comment 6 by pdr@chromium.org, Mar 7 2013
Cc: esprehn@chromium.org
Cc: taviso@chromium.org
Comment 8 by fjserna@google.com, Mar 7 2013
Cc: fjserna@google.com
Cc: thomasdullien@google.com
Labels: CVE-2013-0912
Project Member Comment 11 by bugdroid1@chromium.org, Mar 10 2013
Labels: -Type-Security -Area-WebKit -WebKit-SVG -SecImpacts-Stable -SecImpacts-Beta -SecSeverity-High Cr-Content Security-Impact-Stable Security-Impact-Beta Cr-Content-SVG Security-Severity-High Type-Bug-Security
Labels: -Merge-Approved Merge-Merged Release-2
M25 was http://trac.webkit.org/changeset/145015
M26 was http://trac.webkit.org/changeset/145016
Project Member Comment 13 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Severity-High Security_Severity-High
Project Member Comment 14 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member Comment 15 by bugdroid1@chromium.org, Mar 21 2013
Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member Comment 16 by bugdroid1@chromium.org, Apr 5 2013
Labels: -Cr-Content Cr-Blink
Project Member Comment 17 by bugdroid1@chromium.org, Apr 6 2013
Labels: -Cr-Content-SVG Cr-Blink-SVG
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Bulk edit for SecurityNotify.
Labels: -Restrict-View-SecurityNotify
Bulk release of old security bug reports.

Labels: -Restrict-View-Google
Project Member Comment 21 by sheriffbot@chromium.org, Jun 14 2016
Labels: -security_impact-beta
Project Member Comment 22 by sheriffbot@chromium.org, Oct 1 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member Comment 23 by sheriffbot@chromium.org, Oct 2 2016
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
Sign in to add a comment