Call out Site Isolation bypass as a high severity security bug.
Change-Id: I235ab9a5c12203c358b9d05e542f80dfda8ed5a9
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1704868
Commit-Queue: Andrew Whalley <awhalley@chromium.org>
Reviewed-by: Charlie Reis <creis@chromium.org>
Cr-Commit-Position: refs/heads/master@{#679314}
diff --git a/docs/security/severity-guidelines.md b/docs/security/severity-guidelines.md
index 3937ba83..1ce2b1e 100644
--- a/docs/security/severity-guidelines.md
+++ b/docs/security/severity-guidelines.md
@@ -50,7 +50,8 @@
## High severity {#TOC-High-severity}
High severity vulnerabilities allow an attacker to execute code in the context
-of, or otherwise impersonate other origins. Bugs which would normally be
+of, or otherwise impersonate other origins or read cross-origin data.
+Bugs which would normally be
critical severity with unusual mitigating factors may be rated as high severity.
For example, renderer sandbox escapes fall into this category as their impact is
that of a critical severity bug, but they require the precondition of a
@@ -81,6 +82,8 @@
compromised renderer ([377392](https://crbug.com/377392)).
* Memory corruption in the browser process that requires specific user
interaction, such as granting a permission ([455735](https://crbug.com/455735)).
+* Cross-site execution contexts unexpectedly sharing a renderer process despite
+Site Isolation ([863069](https://crbug.com/863069)).
## Medium severity {#TOC-Medium-severity}
