Hacker News
by StilesCrisis 122 days ago
It would also require a sandbox escape to be a meaningful vulnerability.

Unfortunately, "seen in the wild" likely means that they _also_ had a sandbox escape, which likely isn't revealed publicly because it's not a vulnerability in properly running execution (i.e., if the heap were not already corrupted, no vulnerability exists).

1 comments

I'd bet that the sandbox escape is just in the underlying operating system kernel and therefore isn't a matter for Chromium to issue a CVE.