New issue
Advanced search Search tips

Issue 698608 link

Starred by 2 users
Status: WontFix
Owner: ----
Closed: Mar 2017
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: ----
Type: Bug-Security



Sign in to add a comment

Security: Chrome + Chromium Exploit

Reported by pk4life2...@gmail.com, Mar 5 2017 
It escapes the sandbox and works from v54 of Chrome + Chromium.

What can be done with this exploit: 
Instead of popping calculator like I did, you can execute your own executable.

What this exploit affects:
the v8 engine in chrome.

Bypass features: 
Bypasses UAC, ASLR, DEP 

Attached file is video demonstration
demonstration.mp4
5.2 MB View Download

Comment 1 by vakh@chromium.org, Mar 6 2017

Status: WontFix (was: Unconfirmed)
This looks like a WontFix to me, but please feel free to re-open the bug if you can launch calc.exe when the webpage is hosted on the internet (not accessed via file://)

When you re-open the bug, could you please share the HTML/JS code to reproduce the problem locally? Thanks.

Comment 2 by elawrence@chromium.org, Mar 6 2017 

Neat. If you can provide the bypass of security features, this would be considered for a bounty.

Unfortunately, some folks spam our bugtracker with bogus reports that look compelling but are really just fakes. The error page shown in the video is what happens when you deliberately run a render process out of memory by making large allocations, and any Windows 10 browser will open calculator if you navigate to e.g. <a href="calculator:123">click</a>.
Project Member

Comment 3 by sheriffbot@chromium.org, Jun 13 2017

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment