browser/renderer_host/database_dispatcher_host.cc in Google Chrome before
5.0.375.70 on Linux does not properly handle ViewHostMsg_DatabaseOpenFile
messages in chroot-based sandboxing, which allows remote attackers to
bypass intended sandbox restrictions via vectors involving fchdir and chdir
calls.

| Author | Note |
|---|---|
| mdeslaur | chromium-specific |