Since November I have been releasing details on all vulnerabilities I found that I have not released before. This is the 35th entry in the series. This information is available in more detail on my blog at http://ift.tt/2hROWD8. There you can find a repro that triggered this issue in addition to the information below; it also provides code snippets for the affected code and a diagram that attempts to explain the memory layout. This advisory contains a lot more information about the root cause and how to exploit it, as Google Bug Bounties reward high quality bug reports to a point where it is worth investigating a bug in detail.

If you find these releases useful, and would like to help me make time to continue releasing this kind of information, you can make a donation in bitcoin to 183yyxa9s1s1f7JBpPHPmzQ346y91Rx5DX.

Follow me on http://twitter.com/berendjanwever for daily browser bugs.

Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR
==============================================================
(CVE-2013-6627)

Synopsis
Source: Gmail -> IFTTT -> Blogger