Internet Bug Bounty: Use After Free in Flash MessageChannel.send can cause arbitrary code execution
Sending messages between workers while having the animation reloaded can cause an object to be freed while a reference remains in memory. An attacker can use this issue to control EIP and potentially execute arbitrary code. Identified as CVE-2015-0320, and reported to Adobe via Chrome VRP:...
Internet Bug Bounty: Use after free during the StageVideoAvailabilityEvent can result in arbitrary code execution
An attacker can register the StageVideoAvailabilityEvent and have the SWF movie reloaded at the same time with LoadMovie. During this process, an object may be freed allowing the attacker to take control of the code flow. Identified as CVE-2015-0315, and reported to Adobe via Chrome VRP:...
Internet Bug Bounty: Race condition in workers may cause an exploitable double free by abusing bytearray.compress()
The issue occurs while sharing a bytearray between two workers. If one worker calls bytearray.compress while the other uses that bytearray, Flash does not correctly handle the race and may double free the array. Identified as CVE-2015-0312, and reported to Adobe via Chrome VRP:...
Internet Bug Bounty: Race condition in Flash workers may cause an exploitable double free
The issue occurs while sharing a bytearray between two workers. If both call bytearray.clear at the same time, Flash does not correctly handle the race and may double free the array. Identified as CVE-2014-0574, and reported to Adobe via Chrome VRP:...
Stable Channel Update for Chrome OS
The Stable channel has been updated to 33.0.1750.152 (Platform version: 5116.115.4/5116.115.5) for all devices. This build contains security fixes for Pwnium. Systems will be receiving the updates over the next few days. Security Fixes and Rewards: Congratulations to geohot for an epic Pwnium...