
Issue 180763

Starred by 2 users

Issue metadata

Status: Fixed
Owner:
Closed: Mar 2013
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug-Security




PWN2OWN: Bad cast in SVGViewSpec::viewTarget

Project Member Reported by jsc...@chromium.org, Mar 7 2013

Issue description

test.html (320 bytes)
test.svg (292 bytes)
Labels: Restrict-View-Google
Tagging restrict-view-google to be safe. Full exploit coming.
local.py (624 bytes)
exploit.svg (267 bytes)
exploit.html (27.6 KB)
favicon.ico (2.4 KB)
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify Merge-Approved
Status: Fixed
http://trac.webkit.org/changeset/145013
Labels: -Restrict-View-SecurityNotify Restrict-View-SecurityTeam
Let's keep this one Restrict-View-SecurityTeam indefinitely, please :)

Comment 6 by pdr@chromium.org, Mar 7 2013

Cc: esprehn@chromium.org
Cc: taviso@chromium.org

Comment 8 by fjserna@google.com, Mar 7 2013

Cc: fjserna@google.com
Cc: thomasdu...@google.com
Labels: CVE-2013-0912
Project Member

Comment 11 by bugdroid1@chromium.org, Mar 10 2013

Labels: -Type-Security -Area-WebKit -WebKit-SVG -SecImpacts-Stable -SecImpacts-Beta -SecSeverity-High Cr-Content Security-Impact-Stable Security-Impact-Beta Cr-Content-SVG Security-Severity-High Type-Bug-Security
Labels: -Merge-Approved Merge-Merged Release-2
M25 was http://trac.webkit.org/changeset/145015
M26 was http://trac.webkit.org/changeset/145016
Project Member

Comment 13 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Severity-High Security_Severity-High
Project Member

Comment 14 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Stable Security_Impact-Stable
Project Member

Comment 15 by bugdroid1@chromium.org, Mar 21 2013

Labels: -Security-Impact-Beta Security_Impact-Beta
Project Member

Comment 16 by bugdroid1@chromium.org, Apr 5 2013

Labels: -Cr-Content Cr-Blink
Project Member

Comment 17 by bugdroid1@chromium.org, Apr 6 2013

Labels: -Cr-Content-SVG Cr-Blink-SVG
Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Bulk edit for SecurityNotify.
Labels: -Restrict-View-SecurityNotify
Bulk release of old security bug reports.

Labels: -Restrict-View-Google
Project Member

Comment 21 by sheriffbot@chromium.org, Jun 14 2016

Labels: -security_impact-beta
Project Member

Comment 22 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 23 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
Labels: CVE_description-submitted
Project Member

Comment 26 by sheriffbot@chromium.org, Jul 29

Labels: -Pri-0 Pri-1
