Issue metadata
Sign in to add a comment
|
Security: Mac-only UNKNOWN crash in wikipedia.org
Reported by
jackwill...@gmail.com,
Feb 4 2018
|
||||||||||||||||||||
Issue descriptionGoogle Chrome 66.0.3339.0 (Official Build) canary (64-bit) Revision eede49c2a7bfdd0a69d5254981bf629765ca57f7-refs/heads/master@{#534290} OS Mac OS X 1. Run Chrome with --flag-switches-begin --autoplay-policy=user-gesture-required-for-cross-origin --enable-experimental-web-platform-features --enable-translate-new-ux --enable-features=ClickToOpenPDFPlaceholder,ClipboardContentSetting,WebAssembly --flag-switches-end 2. Visit https://en.wikipedia.org/wiki/Catholic_Church 3. On the right, click on "Vatican City" (below the picture) 4. Crash tab I'm not really sure if this is a security bug, because I don't have a Mac ASAN build to check this crash. Crash/b8419320d3339d10 Crash/87c1d37bfe296552
,
Feb 5 2018
I'm able to reproduce the crash only with enabling --enable-experimental-web-platform-features.
,
Feb 5 2018
ellyjones: Can you please find a person to handle this? Thanks! I suspect it may not be a security bug, but will await further investigation from you/your crew.
,
Feb 6 2018
The crashing stack is identical to 809142, so I'm marking this as a duplicate of that. This bug is only present with --enable-experimental-web-platform-features & is a deliberate crash (via ZombieObjectCrash) when trying to access a freed object. I think the overall security risk of it is quite low.
,
May 15 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot |
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by elawrence@chromium.org
, Feb 5 2018