My favorites | Sign in
Google
Project Home
  
Downloads
  
Wiki
  
Issues
  
Source
    
New issue | Search
for
| Advanced search | Search tips
Issue 57: Browser Plugin SRPC Type Confusion Infoleak
3 people starred this issue and may be notified of changes. Back to list
Status:  Fixed
Owner:  s...@google.com
Closed:  Apr 2009
Security-Contest
Type-Defect


Sign in to add a comment
 
Reported by mark.dowd, Mar 12, 2009 
Team: Beached As

The Browser Plugin has a type confusion vulnerability when setting the
various integer properties (such as the height) of a NaCl object from
javascript. Due to a validation error, it is possible to set integer
properties with objects, and then read them back to find out the location
in memory of the allocated object.
srpc_infoleak1_height.zip
3.6 KB   Download
Comment 1 by nativeclient.admin, Mar 12, 2009 
Verified as an issue.
Status: Accepted
Labels: Type-Defect
Comment 2 by nativeclient.admin, Mar 12, 2009 
(No comment was entered for this change.)
Owner: s...@google.com
Comment 3 by nativeclient.admin, Apr 10, 2009 
Fix was released in build 57.
Status: Fixed
Sign in to add a comment