Chrome: Reference count leak in SwiftShader OpenGL texture bindings
Project Member Reported by firstname.lastname@example.org, Jun 4
Chrome issue: https://crbug.com/849217
Derestricting since the patch is public - fix shipping in M68. Since this was only reachable with the patch for issue 1566, this shouldn't be exploitable in any stable release. (https://swiftshader.googlesource.com/SwiftShader.git/+/f398044f28a171ca7ab62858af35bf57b80c0b30)
Uploading the PoC exploit discussed in the blog post (https://googleprojectzero.blogspot.com/2018/10/heap-feng-shader-exploiting-swiftshader.html).