Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close


Published: 22 March 2012

Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the sandbox protection mechanism by leveraging access to a sandboxed process, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary affected product may be clarified later; it was not identified by the researcher, who reportedly stated "it really doesn't matter if it's third-party code."


Google claims this is a flash bug, VUPEN claims it isn't and that
Google is simply speculating. VUPEN won't release the exploit to Google to
fix it, and access to the exploit is behind a paywall, so there is nothing to
do. Marking deferred for now. Will re-open if new information is available.




Package Release Status
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Ignored
(end of life, was deferred)
maverick Ignored
(end of life)
natty Ignored
(end of life)
oneiric Ignored
(end of life, was deferred)
precise Ignored
(end of life, was deferred)
quantal Ignored
(end of life, was deferred)
upstream Needs triage