Issue 828596

Starred by 1 user

Issue metadata

Status: Duplicate
Merged: issue 828524
Owner: ----
Closed: Apr 2018
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Chrome , Mac
Pri: ----
Type: Bug-Security
Proj-Servicification



Heap-use-after-free in safe_browsing::SafeBrowsingService::ShutDown

Project Member Reported by ClusterFuzz, Apr 3 2018

Issue description

Detailed report: https://clusterfuzz.com/testcase?key=6543195081801728

Fuzzer: attekett_webaudio_fuzzer
Job Type: linux_asan_chrome_chromeos
Platform Id: linux

Crash Type: Heap-use-after-free WRITE 4
Crash Address: 0x60a000c15968
Crash State:
  safe_browsing::SafeBrowsingService::ShutDown
  BrowserProcessImpl::StartTearDown
  ChromeBrowserMainParts::PostMainMessageLoopRun
  
Sanitizer: address (ASAN)

Recommended Security Severity: Critical

Regressed: https://clusterfuzz.com/revisions?job=linux_asan_chrome_chromeos&range=547672:547674

Reproducer Testcase: https://clusterfuzz.com/download?testcase_id=6543195081801728

Issue filed automatically.

See https://github.com/google/clusterfuzz-tools for more information.
 
Project Member

Comment 1 by ClusterFuzz, Apr 3 2018

Labels: OS-Mac OS-Linux
Cc: jam@chromium.org
Components: Internals>Services>Network Services>Safebrowsing
Labels: M-67
Maybe related to https://bugs.chromium.org/p/chromium/issues/detail?id=828524, since both are heap-use-after-free crashes related to network context.


Cc: jialiul@chromium.org

Comment 4 by jam@chromium.org, Apr 3 2018

Mergedinto: 828524
Status: Duplicate (was: Untriaged)
Project Member

Comment 5 by sheriffbot@chromium.org, Apr 4 2018

Labels: -reward-topanel reward-ineligible
Issue 828716 has been merged into this issue.
Project Member

Comment 7 by sheriffbot@chromium.org, Jul 12

Labels: -Restrict-View-SecurityTeam allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
