1
Candidate: CVE-2012-1845
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1845
5
http://www.zdnet.com/blog/security/pwn2own-2012-google-chrome-browser-sandbox-first-to-fall/10588
6
http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/
7
http://twitter.com/vupen/statuses/177576000761237505
8
http://pwn2own.zerodayinitiative.com/status.html
10
Use-after-free vulnerability in Google Chrome 17.0.963.66 and earlier
11
allows remote attackers to bypass the DEP and ASLR protection mechanisms,
12
and execute arbitrary code, via unspecified vectors, as demonstrated by
13
VUPEN during a Pwn2Own competition at CanSecWest 2012. NOTE: the primary
14
affected product may be clarified later; it was not identified by the
15
researcher, who reportedly stated "it really doesn't matter if it's
19
jdstrand> VUPEN won't release the exploit to Google to fix it, and access to
20
the exploit is behind a paywall, so there is nothing to do. Marking deferred
21
for now. Will re-open if new information is available.
27
Patches_chromium-browser:
28
upstream_chromium-browser: needed
29
hardy_chromium-browser: DNE
30
lucid_chromium-browser: deferred
31
maverick_chromium-browser: ignored (reached end-of-life)
32
natty_chromium-browser: ignored (reached end-of-life)
33
oneiric_chromium-browser: deferred
34
precise_chromium-browser: deferred
35
quantal_chromium-browser: deferred
36
devel_chromium-browser: deferred