Note MojoJS severity explicitly.
Bug: 1075743
Change-Id: I27e93be594a567ead18fa0c548237fcd93cd6f7f
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2168517
Auto-Submit: Adrian Taylor <adetaylor@chromium.org>
Reviewed-by: Chris Palmer <palmer@chromium.org>
Commit-Queue: Chris Palmer <palmer@chromium.org>
Cr-Commit-Position: refs/heads/master@{#764512}
diff --git a/docs/security/severity-guidelines.md b/docs/security/severity-guidelines.md
index 058133a8..3082043 100644
--- a/docs/security/severity-guidelines.md
+++ b/docs/security/severity-guidelines.md
@@ -61,7 +61,8 @@
critical severity with unusual mitigating factors may be rated as high severity.
For example, renderer sandbox escapes fall into this category as their impact is
that of a critical severity bug, but they require the precondition of a
-compromised renderer.
+compromised renderer. (Bugs which involve using [MojoJS](../../mojo/public/js/README.md)
+to trigger an exploitable browser process crash usually fall into this category).
They are normally assigned priority **Pri-1** and assigned to the current stable
milestone (or earliest milestone affected). For high severity bugs,
