
Issue 862004

Starred by 2 users

Issue metadata

Status: Fixed
Owner: hcm@chromium.org
Closed: Aug 6
Cc: awhalley@chromium.org
Components: Internals>Skia
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 1
Type: Bug-Security

Security: stack-buffer-underflow in Break

Reported by zhouzhen...@gmail.com, Jul 10

Issue description

VULNERABILITY DETAILS
This issue was found by fuzzing against a 64-bit asan linux build of filter_fuzz_stub.

VERSION
Chrome Version: beta-68.0.3440.42 / stable-67.0.3396.87
Operating System: Ubuntu 16.04.3 LTS

REPRODUCTION CASE

~/asan-linux-beta-68.0.3440.42 $ ./filter_fuzz_stub /tmp/poc2.fil

[0710/093902.008403:INFO:filter_fuzz_stub.cc(60)] Test case: /tmp/poc2.fil
[0710/093902.178103:INFO:filter_fuzz_stub.cc(37)] Valid stream detected.
=================================================================
==9442==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f4291390b1a at pc 0x000000655c54 bp 0x7fffb752a4f0 sp 0x7fffb752a4e8
WRITE of size 1 at 0x7f4291390b1a thread T0
    #0 0x655c53 in Break third_party/skia/src/core/SkAntiRun.h:154:26
    #1 0x655c53 in SkRgnClipBlitter::blitAntiH(int, int, unsigned char const*, short const*) third_party/skia/src/core/SkBlitter.cpp:619
    #2 0x9063d8 in blit_aaa_trapezoid_row(AdditiveBlitter*, int, int, int, int, int, int, int, unsigned char, unsigned char*, bool, bool, bool) third_party/skia/src/core/SkScan_AAAPath.cpp:789:40
    #3 0x8f190e in blit_trapezoid_row third_party/skia/src/core/SkScan_AAAPath.cpp
    #4 0x8f190e in aaa_walk_convex_edges third_party/skia/src/core/SkScan_AAAPath.cpp:1175
    #5 0x8f190e in aaa_fill_path third_party/skia/src/core/SkScan_AAAPath.cpp:1658
    #6 0x8f190e in SkScan::AAAFillPath(SkPath const&, SkBlitter*, SkIRect const&, SkIRect const&, bool) third_party/skia/src/core/SkScan_AAAPath.cpp:1702
    #7 0x91af31 in SkScan::AntiFillPath(SkPath const&, SkRegion const&, SkBlitter*, bool, SkDAARecord*) third_party/skia/src/core/SkScan_AntiPath.cpp:807:9
    #8 0x91c9ca in SkScan::AntiFillPath(SkPath const&, SkRasterClip const&, SkBlitter*, SkDAARecord*) third_party/skia/src/core/SkScan_AntiPath.cpp:846:9
    #9 0x70f975 in SkDraw::drawDevPath(SkPath const&, SkPaint const&, bool, SkBlitter*, bool, SkInitOnceData*) const third_party/skia/src/core/SkDraw.cpp:1024:9
    #10 0x7114f8 in SkDraw::drawPath(SkPath const&, SkPaint const&, SkMatrix const*, bool, bool, SkBlitter*, SkInitOnceData*) const third_party/skia/src/core/SkDraw.cpp:1141:11
    #11 0x70e215 in drawPath third_party/skia/src/core/SkDraw.h:58:15
    #12 0x70e215 in draw_rect_as_path(SkDraw const&, SkRect const&, SkPaint const&, SkMatrix const*) third_party/skia/src/core/SkDraw.cpp:739
    #13 0x70d4c8 in SkDraw::drawRect(SkRect const&, SkPaint const&, SkMatrix const*, SkRect const*) const third_party/skia/src/core/SkDraw.cpp:766:9
    #14 0x713bd9 in SkDraw::drawBitmap(SkBitmap const&, SkMatrix const&, SkRect const*, SkPaint const&) const third_party/skia/src/core/SkDraw.h
    #15 0x63871c in SkBitmapDevice::drawBitmap(SkBitmap const&, SkMatrix const&, SkRect const*, SkPaint const&) third_party/skia/src/core/SkBitmapDevice.cpp:437:5
    #16 0x63819e in SkBitmapDevice::drawBitmap(SkBitmap const&, float, float, SkPaint const&) third_party/skia/src/core/SkBitmapDevice.cpp:419:11
    #17 0x6fcd8b in SkBaseDevice::drawImage(SkImage const*, float, float, SkPaint const&) third_party/skia/src/core/SkDevice.cpp:186:15
    #18 0x6a36df in SkCanvas::onDrawImage(SkImage const*, float, float, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:2231:27
    #19 0x69749e in SkCanvas::drawImage(SkImage const*, float, float, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:1714:11
    #20 0x883450 in draw<SkRecords::DrawImage> third_party/skia/src/core/SkRecordDraw.cpp:96:1
    #21 0x883450 in operator()<SkRecords::DrawImage> third_party/skia/src/core/SkRecordDraw.h:62
    #22 0x883450 in decltype ({parm#1}((SkRecords::NoOp)())) SkRecord::Record::visit<SkRecords::Draw&>(SkRecords::Draw&) const third_party/skia/src/core/SkRecord.h:165
    #23 0x88138a in visit<SkRecords::Draw &> third_party/skia/src/core/SkRecord.h:42:28
    #24 0x88138a in SkRecordDraw(SkRecord const&, SkCanvas*, SkPicture const* const*, SkDrawable* const*, int, SkBBoxHierarchy const*, SkPicture::AbortCallback*) third_party/skia/src/core/SkRecordDraw.cpp:52
    #25 0x62926a in SkBigPicture::playback(SkCanvas*, SkPicture::AbortCallback*) const third_party/skia/src/core/SkBigPicture.cpp:33:5
    #26 0x6b0c2d in SkCanvas::onDrawPicture(SkPicture const*, SkMatrix const*, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:2797:14
    #27 0x6b04ea in SkCanvas::drawPicture(SkPicture const*, SkMatrix const*, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:2777:15
    #28 0xb3b0d4 in drawPicture third_party/skia/include/core/SkCanvas.h:2141:15
    #29 0xb3b0d4 in drawPicture third_party/skia/include/core/SkCanvas.h:2153
    #30 0xb3b0d4 in SkPictureImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/effects/SkPictureImageFilter.cpp:119
    #31 0x75cef3 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:207:40
    #32 0x761b73 in SkImageFilter::filterInput(int, SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:490:41
    #33 0xb253cd in SkMergeImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/effects/SkMergeImageFilter.cpp:48:27
    #34 0x75cef3 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:207:40
    #35 0x761b73 in SkImageFilter::filterInput(int, SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:490:41
    #36 0xad485b in SkColorFilterImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/effects/SkColorFilterImageFilter.cpp:66:39
    #37 0x75cef3 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:207:40
    #38 0x63bde2 in SkBitmapDevice::drawSpecial(SkSpecialImage*, int, int, SkPaint const&, SkImage*, SkMatrix const&) third_party/skia/src/core/SkBitmapDevice.cpp:658:33
    #39 0x68d43d in SkCanvas::internalDrawDevice(SkBaseDevice*, int, int, SkPaint const*, SkImage*, SkMatrix const&) third_party/skia/src/core/SkCanvas.cpp:1260:25
    #40 0x6891c2 in SkCanvas::internalRestore() third_party/skia/src/core/SkCanvas.cpp:1148:19
    #41 0x6a52fb in ~AutoDrawLooper third_party/skia/src/core/SkCanvas.cpp:429:22
    #42 0x6a52fb in SkCanvas::onDrawBitmap(SkBitmap const&, float, float, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:2313
    #43 0x6999dc in SkCanvas::drawBitmap(SkBitmap const&, float, float, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:1817:11
    #44 0x6188b8 in RunTestCase skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:47:13
    #45 0x6188b8 in ReadAndRunTestCase skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:66
    #46 0x6188b8 in main skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:86
    #47 0x7f4294bfa82f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291

Address 0x7f4291390b1a is located in stack of thread T0 at offset 26 in frame
    #0 0x90380f in blit_aaa_trapezoid_row(AdditiveBlitter*, int, int, int, int, int, int, int, unsigned char, unsigned char*, bool, bool, bool) third_party/skia/src/core/SkScan_AAAPath.cpp:702

  This frame has 1 object(s):
    [32, 160) 'quickMemory' (line 718) <== Memory access at offset 26 underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow third_party/skia/src/core/SkAntiRun.h:154:26 in Break
Shadow bytes around the buggy address:
  0x0fe8d226a110: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe8d226a120: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe8d226a130: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe8d226a140: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe8d226a150: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x0fe8d226a160: f1 f1 f1[f1]00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe8d226a170: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x0fe8d226a180: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe8d226a190: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe8d226a1a0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe8d226a1b0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
  Shadow gap:              cc
==9442==ABORTING

~/asan-linux-stable-67.0.3396.87$ ./filter_fuzz_stub /tmp/poc2.fil

[0710/094024.815128:INFO:filter_fuzz_stub.cc(60)] Test case: /tmp/poc2.fil
[0710/094024.890139:INFO:filter_fuzz_stub.cc(37)] Valid stream detected.
=================================================================
==9476==ERROR: AddressSanitizer: stack-buffer-underflow on address 0x7f1ec5b8041a at pc 0x000000623b73 bp 0x7fff578605b0 sp 0x7fff578605a8
WRITE of size 1 at 0x7f1ec5b8041a thread T0
    #0 0x623b72 in Break third_party/skia/src/core/SkAntiRun.h:154:26
    #1 0x623b72 in SkRgnClipBlitter::blitAntiH(int, int, unsigned char const*, short const*) third_party/skia/src/core/SkBlitter.cpp:556
    #2 0x8d0668 in blit_aaa_trapezoid_row(AdditiveBlitter*, int, int, int, int, int, int, int, unsigned char, unsigned char*, bool, bool, bool) third_party/skia/src/core/SkScan_AAAPath.cpp:789:40
    #3 0x8bbb0a in blit_trapezoid_row third_party/skia/src/core/SkScan_AAAPath.cpp
    #4 0x8bbb0a in aaa_walk_convex_edges third_party/skia/src/core/SkScan_AAAPath.cpp:1175
    #5 0x8bbb0a in aaa_fill_path third_party/skia/src/core/SkScan_AAAPath.cpp:1670
    #6 0x8bbb0a in SkScan::AAAFillPath(SkPath const&, SkBlitter*, SkIRect const&, SkIRect const&, bool) third_party/skia/src/core/SkScan_AAAPath.cpp:1714
    #7 0x8e5265 in SkScan::AntiFillPath(SkPath const&, SkRegion const&, SkBlitter*, bool, SkDAARecord*) third_party/skia/src/core/SkScan_AntiPath.cpp:807:9
    #8 0x8e6cca in SkScan::AntiFillPath(SkPath const&, SkRasterClip const&, SkBlitter*, SkDAARecord*) third_party/skia/src/core/SkScan_AntiPath.cpp:846:9
    #9 0x6e1204 in SkDraw::drawDevPath(SkPath const&, SkPaint const&, bool, SkBlitter*, bool, SkInitOnceData*) const third_party/skia/src/core/SkDraw.cpp:1022:9
    #10 0x6e2b4d in SkDraw::drawPath(SkPath const&, SkPaint const&, SkMatrix const*, bool, bool, SkBlitter*, SkInitOnceData*) const third_party/skia/src/core/SkDraw.cpp:1136:11
    #11 0x6e01e8 in drawPath third_party/skia/src/core/SkDraw.h:58:15
    #12 0x6e01e8 in draw_rect_as_path(SkDraw const&, SkRect const&, SkPaint const&, SkMatrix const*) third_party/skia/src/core/SkDraw.cpp:739
    #13 0x6df505 in SkDraw::drawRect(SkRect const&, SkPaint const&, SkMatrix const*, SkRect const*) const third_party/skia/src/core/SkDraw.cpp:766:9
    #14 0x6e51de in SkDraw::drawBitmap(SkBitmap const&, SkMatrix const&, SkRect const*, SkPaint const&) const third_party/skia/src/core/SkDraw.h
    #15 0x6081cc in SkBitmapDevice::drawBitmap(SkBitmap const&, SkMatrix const&, SkRect const*, SkPaint const&) third_party/skia/src/core/SkBitmapDevice.cpp:352:5
    #16 0x607ee4 in SkBitmapDevice::drawBitmap(SkBitmap const&, float, float, SkPaint const&) third_party/skia/src/core/SkBitmapDevice.cpp:347:11
    #17 0x6cf45b in SkBaseDevice::drawImage(SkImage const*, float, float, SkPaint const&) third_party/skia/src/core/SkDevice.cpp:188:15
    #18 0x66d5ff in SkCanvas::onDrawImage(SkImage const*, float, float, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:2177:27
    #19 0x661b70 in SkCanvas::drawImage(SkImage const*, float, float, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:1691:11
    #20 0x854284 in draw<SkRecords::DrawImage> third_party/skia/src/core/SkRecordDraw.cpp:96:1
    #21 0x854284 in operator()<SkRecords::DrawImage> third_party/skia/src/core/SkRecordDraw.h:62
    #22 0x854284 in decltype ({parm#1}((SkRecords::NoOp)())) SkRecord::Record::visit<SkRecords::Draw&>(SkRecords::Draw&) const third_party/skia/src/core/SkRecord.h:165
    #23 0x85243a in visit<SkRecords::Draw &> third_party/skia/src/core/SkRecord.h:42:28
    #24 0x85243a in SkRecordDraw(SkRecord const&, SkCanvas*, SkPicture const* const*, SkDrawable* const*, int, SkBBoxHierarchy const*, SkPicture::AbortCallback*) third_party/skia/src/core/SkRecordDraw.cpp:52
    #25 0x5f9d2f in SkBigPicture::playback(SkCanvas*, SkPicture::AbortCallback*) const third_party/skia/src/core/SkBigPicture.cpp:33:5
    #26 0x67b2dd in SkCanvas::onDrawPicture(SkPicture const*, SkMatrix const*, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:2771:14
    #27 0x67ab9f in SkCanvas::drawPicture(SkPicture const*, SkMatrix const*, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:2751:15
    #28 0xafd3ea in drawPicture third_party/skia/include/core/SkCanvas.h:2128:15
    #29 0xafd3ea in drawPicture third_party/skia/include/core/SkCanvas.h:2140
    #30 0xafd3ea in SkPictureImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/effects/SkPictureImageFilter.cpp:118
    #31 0x731e30 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:213:40
    #32 0x737390 in SkImageFilter::filterInput(int, SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:514:41
    #33 0xae7bed in SkMergeImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/effects/SkMergeImageFilter.cpp:47:27
    #34 0x731e30 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:213:40
    #35 0x737390 in SkImageFilter::filterInput(int, SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:514:41
    #36 0xa9854b in SkColorFilterImageFilter::onFilterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/effects/SkColorFilterImageFilter.cpp:65:39
    #37 0x731e30 in SkImageFilter::filterImage(SkSpecialImage*, SkImageFilter::Context const&, SkIPoint*) const third_party/skia/src/core/SkImageFilter.cpp:213:40
    #38 0x60aea4 in SkBitmapDevice::drawSpecial(SkSpecialImage*, int, int, SkPaint const&, SkImage*, SkMatrix const&) third_party/skia/src/core/SkBitmapDevice.cpp:550:33
    #39 0x657b0d in SkCanvas::internalDrawDevice(SkBaseDevice*, int, int, SkPaint const*, SkImage*, SkMatrix const&) third_party/skia/src/core/SkCanvas.cpp:1237:25
    #40 0x653a90 in SkCanvas::internalRestore() third_party/skia/src/core/SkCanvas.cpp:1125:19
    #41 0x66f21b in ~AutoDrawLooper third_party/skia/src/core/SkCanvas.cpp:429:22
    #42 0x66f21b in SkCanvas::onDrawBitmap(SkBitmap const&, float, float, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:2259
    #43 0x663a83 in SkCanvas::drawBitmap(SkBitmap const&, float, float, SkPaint const*) third_party/skia/src/core/SkCanvas.cpp:1765:11
    #44 0x5e9008 in RunTestCase skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:47:13
    #45 0x5e9008 in ReadAndRunTestCase skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:66
    #46 0x5e9008 in main skia/tools/filter_fuzz_stub/filter_fuzz_stub.cc:86
    #47 0x7f1ec99e282f in __libc_start_main /build/glibc-bfm8X4/glibc-2.23/csu/../csu/libc-start.c:291

Address 0x7f1ec5b8041a is located in stack of thread T0 at offset 26 in frame
    #0 0x8cda9f in blit_aaa_trapezoid_row(AdditiveBlitter*, int, int, int, int, int, int, int, unsigned char, unsigned char*, bool, bool, bool) third_party/skia/src/core/SkScan_AAAPath.cpp:702

  This frame has 1 object(s):
    [32, 160) 'quickMemory' (line 718) <== Memory access at offset 26 underflows this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-buffer-underflow third_party/skia/src/core/SkAntiRun.h:154:26 in Break
Shadow bytes around the buggy address:
  0x0fe458b68030: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe458b68040: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe458b68050: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe458b68060: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe458b68070: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x0fe458b68080: f1 f1 f1[f1]00 00 00 00 00 00 00 00 00 00 00 00
  0x0fe458b68090: 00 00 00 00 f3 f3 f3 f3 00 00 00 00 00 00 00 00
  0x0fe458b680a0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe458b680b0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe458b680c0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x0fe458b680d0: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07 
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==9476==ABORTING

Testcase is in the attachment.
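The report above gives ASan's classification (a one-byte WRITE at frame offset 26, i.e. 6 bytes before the 128-byte stack array quickMemory at [32, 160)) but not the root cause, which the thread only ties to issue 850350 and the crrev.com commit. The C program below is an added example for readers triaging this class of report; it is not Skia code and not the fix for this issue. It models the bug class (a run-splitting routine that trusts a column index derived from geometry and writes before a fixed stack array when that index goes negative) next to a bounds-checked form, and includes a small helper that turns ASan's frame description into the distance before or past the object. Every name in it (run_buffer, WIDTH, run_init, run_split_unchecked, run_split_checked, asan_frame_distance) is an assumption for the example.

```c
/*
 * Added illustration of a stack-buffer-underflow of the kind ASan reported
 * above. Constructed example: not Skia code, not this issue's root cause.
 * All identifiers here are assumptions made for the illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define WIDTH 16   /* columns covered by one scanline buffer (constructed size) */

/* Simplified anti-aliased scanline: runs[i] is the length of the run that
 * starts at column i (0 = not a run start), alpha[i] its coverage. */
typedef struct {
    int16_t runs[WIDTH];
    uint8_t alpha[WIDTH];
} run_buffer;

/* One run covering the whole width with a single coverage value. */
void run_init(run_buffer *b, uint8_t alpha) {
    memset(b, 0, sizeof *b);
    b->runs[0] = WIDTH;
    b->alpha[0] = alpha;
}

/* Split the run containing column x so that a new run starts at x.
 * Vulnerable form: x is trusted. If the caller derived x from unclamped
 * geometry (a clip edge or trapezoid edge left of the buffer), x < 0 and
 * the writes to runs[x] / alpha[x] land before the array: on a stack
 * buffer that is exactly what ASan labels stack-buffer-underflow. */
void run_split_unchecked(run_buffer *b, int x) {
    int i = 0;
    while (i + b->runs[i] <= x) {       /* walk run starts until the one covering x */
        i += b->runs[i];
    }
    if (i == x) {
        return;                         /* already a run boundary, nothing to do */
    }
    int16_t len = b->runs[i];
    b->runs[i] = (int16_t)(x - i);      /* shorten the run that contains x */
    b->runs[x] = (int16_t)(len - (x - i)); /* x < 0: write before runs[]   */
    b->alpha[x] = b->alpha[i];          /* x < 0: one-byte write before alpha[] */
}

/* Hardened form: reject any column outside [0, WIDTH) before touching memory.
 * Returns 0 on success, -1 when x is out of range. */
int run_split_checked(run_buffer *b, int x) {
    if (x < 0 || x >= WIDTH) {
        return -1;
    }
    run_split_unchecked(b, x);
    return 0;
}

/* Interpret ASan's frame description "[begin, end) 'name'" against the
 * reported frame offset of the access. Returns a negative count of bytes
 * before the object (underflow), a positive count of bytes past its last
 * byte (overflow), or 0 when the access is inside the object.
 * For the report above: asan_frame_distance(32, 160, 26) == -6. */
int asan_frame_distance(int begin, int end, int offset) {
    if (offset < begin) {
        return offset - begin;
    }
    if (offset >= end) {
        return offset - end + 1;
    }
    return 0;
}

int main(int argc, char **argv) {
    run_buffer b;                       /* stack object, like quickMemory above */
    run_init(&b, 0xff);

    /* Safe path: a clip edge at column 5 splits the run into [0,5) and [5,16). */
    if (run_split_checked(&b, 5) == 0) {
        printf("split ok: runs[0]=%d runs[5]=%d alpha[5]=%u\n",
               b.runs[0], b.runs[5], b.alpha[5]);
    }

    /* Column from unclamped geometry: rejected before any write happens. */
    printf("checked split at -6 -> %d (rejected)\n", run_split_checked(&b, -6));

    /* Build with -fsanitize=address and run with --crash to get an ASan
     * stack-buffer-underflow report on the local 'b'. */
    if (argc > 1 && strcmp(argv[1], "--crash") == 0) {
        run_split_unchecked(&b, -6);
    }

    printf("ASan frame: access at 26 vs object [32,160) -> %d bytes\n",
           asan_frame_distance(32, 160, 26));
    return 0;
}
```

Two things worth keeping in mind when reading the shadow dump above. ASan only reports accesses that land in poisoned memory: the `f1 f1 f1[f1]` bytes show the write hit the 32-byte left redzone in front of quickMemory, and a negative index large enough to skip past that redzone into a neighbouring frame object would not be flagged at all. And the frame description names the object by its distance from the frame base, so "offset 26" versus "[32, 160)" is the quickest way to see that the write is 6 bytes before the array rather than a wrap-around from its end.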
 
Components: Internals>Skia
Owner: hcm@chromium.org
Status: Assigned (was: Unconfirmed)
Labels: Security_Severity-High M-67 Security_Impact-Stable
I can reproduce at 68.0.3440.42 but not on ToT, so it's possible this has been fixed already. Hopefully a Skia person can investigate and tell for sure.

Comment 3 by sheriffbot@chromium.org, Jul 13

Labels: Pri-1
I confirm it reproduced at asan-linux-beta-68.0.3440.59

Comment 5 Deleted

After https://crrev.com/73d6ab7591233267978a6205b3d72efcff3519c9 I can't reproduce it.

So the root cause may be the same as Bug 850350.

Comment 7 by sheriffbot@chromium.org, Jul 24

hcm: Uh oh! This issue still open and hasn't been updated in the last 14 days. This is a serious vulnerability, and we want to ensure that there's progress. Could you please leave an update with the current status and any potential blockers?

If you're not the right owner for this issue, could you please remove yourself as soon as possible or help us find the right one?

If the issue is fixed or you can't reproduce it, please close the bug. If you've started working on a fix, please set the status to Started.

Thanks for your time! To disable nags, add the Disable-Nags label.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 8 by sheriffbot@chromium.org, Jul 25

Labels: -M-67 Target-68 M-68
Labels: OS-Android OS-Chrome OS-Fuchsia OS-Linux OS-Mac OS-Windows
Status: Fixed (was: Assigned)
Yes, we think related and expect this is now fixed.

Comment 11 by sheriffbot@chromium.org, Aug 7

Labels: -Restrict-View-SecurityTeam Restrict-View-SecurityNotify
Labels: reward-topanel

Comment 13 by sheriffbot@chromium.org, Aug 9

Labels: Merge-Request-69

Comment 14 by sheriffbot@chromium.org, Aug 9

Labels: -Merge-Request-69 Merge-Review-69 Hotlist-Merge-Review
This bug requires manual review: M69 has already been promoted to the beta branch, so this requires manual review
Please contact the milestone owner if you have questions.
Owners: amineer@(Android), kariahda@(iOS), cindyb@(ChromeOS), govind@(Desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Cc: awhalley@chromium.org
awhalley@ (Security TPM) for M69 merge review
Labels: -Merge-Review-69 Merge-Rejected-69
Labels: -reward-topanel reward-0
(This was rewarded as issue 850350.)
awhalley@ I wonder if this issue can be assigned a CVE ID, thank you.
Issue 850350 will be assigned a CVE when Chrome 69 goes stable. Cheers!

Comment 20 by sheriffbot@chromium.org, Nov 12

Labels: -Restrict-View-SecurityNotify allpublic
This bug has been closed for more than 14 weeks. Removing security view restrictions.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
