Update example bug for browser memory corruption in severity guidelines 319125 is a straightforward browser memory corruption bug where an IPC handler blindly trusts data from the renderer, forgetting that one of the types of data that can be set is a raw pointer ^_^ Change-Id: I14a37f1882c06edc56e5d4d2f7c1d0444869bec4 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1790480 Commit-Queue: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Max Moroz <mmoroz@chromium.org> Reviewed-by: Emily Stark <estark@chromium.org> Cr-Commit-Position: refs/heads/master@{#694943}

commit: 62a44a8fbce598d9924c36a54088045e68a169c7 [log] [tgz]
author: Daniel Cheng <dcheng@chromium.org> Mon Sep 09 22:15:36 2019
committer: Commit Bot <commit-bot@chromium.org> Mon Sep 09 22:15:36 2019
tree: 177f0d34f6d53d933aa5a22eaa1bcc78caf90eb6
parent: 2219572e33b7d45d20982f8376fdc6e9ae00869b [diff] [blame]
diff --git a/docs/security/severity-guidelines.md b/docs/security/severity-guidelines.md
index 1ce2b1e..d108a231 100644
--- a/docs/security/severity-guidelines.md
+++ b/docs/security/severity-guidelines.md

@@ -37,7 +37,7 @@
 
 Example bugs:
 
-* Memory corruption in the browser process ([564501](https://crbug.com/564501)).
+* Memory corruption in the browser process ([319125](https://crbug.com/319125#c10)).
 * Exploit chains made up of multiple bugs that can lead to code execution
   outside of the sandbox ([416449](https://crbug.com/416449)).
 * A bug that enables web content to read local files
commit	62a44a8fbce598d9924c36a54088045e68a169c7	[log] [tgz]
author	Daniel Cheng <dcheng@chromium.org>	Mon Sep 09 22:15:36 2019
committer	Commit Bot <commit-bot@chromium.org>	Mon Sep 09 22:15:36 2019
tree	177f0d34f6d53d933aa5a22eaa1bcc78caf90eb6
parent	2219572e33b7d45d20982f8376fdc6e9ae00869b [diff] [blame]