
Issue 468933

Starred by 2 users

Issue metadata

Status: Fixed
Owner: ----
Closed: Mar 2015
Cc:
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Security

Blocked on:
issue 468936



Security: pwn2own 2015 exploit #1

Project Member Reported by wfh@chromium.org, Mar 19 2015

Issue description

exploit #1 from pwn2own 2015
 
ZDI-CAN-2833.zip
1.9 MB Download
password is ZDI-CAN-2833

Comment 2 by jln@chromium.org, Mar 19 2015

Cc: mseaborn@chromium.org

Comment 3 by aarya@google.com, Mar 19 2015

Blockedon: chromium:468936

Comment 4 by jln@chromium.org, Mar 19 2015

Uploading a usable file format.
ZDI-CAN-2833.tgz
1.9 MB Download

Comment 5 by rsesek@chromium.org, Mar 19 2015

PDF attached.
chrome_pwn2own_2015_lokihardt_for_google.pdf
69.6 KB Download

Comment 6 by wfh@chromium.org, Mar 19 2015

Labels: -Security_Severity-Critical Security_Severity-High
This exploit gives execution within the GPU process, but a sandbox escape is required to get full access, so it's only severity High.

Comment 7 by wfh@chromium.org, Mar 19 2015

Labels: -Pri-0 Pri-1

Comment 8 by ClusterFuzz, Mar 19 2015

Labels: M-41
Status: Fixed

Comment 10 by ClusterFuzz, Mar 21 2015

Labels: -Restrict-View-SecurityTeam M-42 Merge-Triage Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix has had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz
Labels: -Merge-Triage Merge-NA
Tracking bug - no merge required.
Labels: Release-2-M41

Comment 13 by ClusterFuzz, Jun 26 2015

Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.

Comment 14 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 15 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Labels: allpublic
