Issue 468933 link

Starred by 2 users

Issue metadata

Status:	Fixed
Owner:	----
Closed:	Mar 2015
Cc:	mseaborn@chromium.org
EstimatedDays:	----
NextAction:	----
OS:	Windows
Pri:	1
Type:	Bug-Security
Merge-na Release-2-M41 M-41 Security_Impact-Stable Security_Severity-High allpublic M-42

Blocked on:
issue 468936

Back to list

Security: pwn2own 2015 exploit #1

Project Member Reported by wfh@chromium.org, Mar 19 2015

Issue description

exploit #1 from pwn2own 2015

ZDI-CAN-2833.zip
1.9 MB Download

Comment 1 by timwillis@google.com, Mar 19 2015

password is ZDI-CAN-2833

Comment 2 by jln@chromium.org, Mar 19 2015

Cc: mseaborn@chromium.org

Comment 3 by aarya@google.com, Mar 19 2015

Blockedon: chromium:468936

Comment 4 by jln@chromium.org, Mar 19 2015

Uploading a usable file format.

ZDI-CAN-2833.tgz
1.9 MB Download

Comment 5 by rsesek@chromium.org, Mar 19 2015

PDF attached.

chrome_pwn2own_2015_lokihardt_for_google.pdf
69.6 KB Download

Comment 6 by wfh@chromium.org, Mar 19 2015

Labels: -Security_Severity-Critical Security_Severity-High

this exploit gives execution within the GPU process but a sandbox escape is required to get full access, so it's only severity High

Comment 7 by wfh@chromium.org, Mar 19 2015

Labels: -Pri-0 Pri-1

Project Member

Comment 8 by ClusterFuzz, Mar 19 2015

Labels: M-41

Comment 9 by timwillis@google.com, Mar 20 2015

Status: Fixed

Project Member

Comment 10 by ClusterFuzz, Mar 21 2015

Labels: -Restrict-View-SecurityTeam M-42 Merge-Triage Restrict-View-SecurityNotify

Adding Merge-Triage label for tracking purposes.

Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz

Comment 11 by timwillis@google.com, Apr 8 2015

Labels: -Merge-Triage Merge-NA

Tracking bug - no merge required.

Comment 12 by timwillis@google.com, Apr 9 2015

Labels: Release-2-M41

Project Member

Comment 13 by ClusterFuzz, Jun 26 2015

Labels: -Restrict-View-SecurityNotify

Bulk update: removing view restriction from closed bugs.

Project Member

Comment 14 by sheriffbot@chromium.org, Oct 1 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Project Member

Comment 15 by sheriffbot@chromium.org, Oct 2 2016

This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 16 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

►

Issue 468933 link

Issue metadata

Security: pwn2own 2015 exploit #1

Issue description

Comment 1 by timwillis@google.com, Mar 19 2015

Comment 1 Deleted

Comment 2 by jln@chromium.org, Mar 19 2015

Comment 2 Deleted

Comment 3 by aarya@google.com, Mar 19 2015

Comment 3 Deleted

Comment 4 by jln@chromium.org, Mar 19 2015

Comment 4 Deleted

Comment 5 by rsesek@chromium.org, Mar 19 2015

Comment 5 Deleted

Comment 6 by wfh@chromium.org, Mar 19 2015

Comment 6 Deleted

Comment 7 by wfh@chromium.org, Mar 19 2015

Comment 7 Deleted

Comment 8 by ClusterFuzz, Mar 19 2015

Comment 8 Deleted

Comment 9 by timwillis@google.com, Mar 20 2015

Comment 9 Deleted

Comment 10 by ClusterFuzz, Mar 21 2015

Comment 10 Deleted

Comment 11 by timwillis@google.com, Apr 8 2015

Comment 11 Deleted

Comment 12 by timwillis@google.com, Apr 9 2015

Comment 12 Deleted

Comment 13 by ClusterFuzz, Jun 26 2015

Comment 13 Deleted

Comment 14 by sheriffbot@chromium.org, Oct 1 2016

Comment 14 Deleted

Comment 15 by sheriffbot@chromium.org, Oct 2 2016

Comment 15 Deleted

Comment 16 by mbarbe...@chromium.org, Oct 2 2016

Comment 16 Deleted

Sign in to add a comment