New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.
Starred by 2 users
Status: Fixed
Owner: ----
Closed: Mar 2015
Cc:
mseaborn@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 1
Type: Bug-Security

Blocked on:
issue 468936


Sign in to add a comment
link

Issue 468933: Security: pwn2own 2015 exploit #1

Reported by wfh@chromium.org, Mar 19 2015 Project Member 
exploit #1 from pwn2own 2015
ZDI-CAN-2833.zip
1.9 MB Download

Comment 1 by timwillis@google.com, Mar 19 2015 

password is ZDI-CAN-2833

Comment 2 by jln@chromium.org, Mar 19 2015

Cc: mseaborn@chromium.org

Comment 3 by aarya@google.com, Mar 19 2015

Blockedon: chromium:468936

Comment 4 by jln@chromium.org, Mar 19 2015 

Uploading a usable file format.
ZDI-CAN-2833.tgz
1.9 MB Download

Comment 5 by rsesek@chromium.org, Mar 19 2015 

PDF attached.
chrome_pwn2own_2015_lokihardt_for_google.pdf
69.6 KB Download

Comment 6 by wfh@chromium.org, Mar 19 2015

Labels: -Security_Severity-Critical Security_Severity-High
this exploit gives execution within the GPU process but a sandbox escape is required to get full access, so it's only severity High

Comment 7 by wfh@chromium.org, Mar 19 2015

Labels: -Pri-0 Pri-1

Comment 8 by ClusterFuzz, Mar 19 2015

Project Member
Labels: M-41

Comment 9 by timwillis@google.com, Mar 20 2015

Status: Fixed

Comment 10 by ClusterFuzz, Mar 21 2015

Project Member
Labels: -Restrict-View-SecurityTeam M-42 Merge-Triage Restrict-View-SecurityNotify
Adding Merge-Triage label for tracking purposes.

Once your fix had sufficient bake time (on canary, dev as appropriate), please nominate your fix for merge by adding the Merge-Requested label.

When your merge is approved by the release manager, please start merging with higher milestone label first. Make sure to re-request merge for every milestone in the label list. You can get branch information on omahaproxy.appspot.com.

- Your friendly ClusterFuzz

Comment 11 by timwillis@google.com, Apr 8 2015

Labels: -Merge-Triage Merge-NA
Tracking bug - no merge required.

Comment 12 by timwillis@google.com, Apr 9 2015

Labels: Release-2-M41

Comment 13 by ClusterFuzz, Jun 26 2015

Project Member
Labels: -Restrict-View-SecurityNotify
Bulk update: removing view restriction from closed bugs.

Comment 14 by sheriffbot@chromium.org, Oct 1 2016

Project Member 
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 15 by sheriffbot@chromium.org, Oct 2 2016

Project Member 
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 16 by mbarbe...@chromium.org, Oct 2 2016

Labels: allpublic

Sign in to add a comment