CVE-2023-25812 Allowed DELETE on resources on object locked buckets under Governance mode in Minio

Minio is a Multi-Cloud Object Storage framework. Affected versions do not correctly honor a Deny policy on ByPassGoverance. Ideally, minio should return "Access Denied" to all users attempting to DELETE a versionId with the special header X-Amz-Bypass-Governance-Retention: true. However, this was...

Design/Logic Flaw

Use-after-free vulnerability in the WebSocketDispatcherHost::SendOrDrop function in content/browser/rendererhost/websocketdispatcherhost.cc in the Web Sockets implementation in Google Chrome before 33.0.1750.149 might allow remote attackers to bypass the sandbox protection mechanism by leveraging...