CVE-2012-1846 (retired)

Google Chrome 17.0.963.66 and earlier allows remote attackers to bypass the
sandbox protection mechanism by leveraging access to a sandboxed process,
as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2012.
NOTE: the primary affected product may be clarified later; it was not
identified by the researcher, who reportedly stated "it really doesn't
matter if it's third-party code."
jdstrandGoogle claims this is a flash bug, VUPEN claims it isn't and that
Google is simply speculating. VUPEN won't release the exploit to Google to
fix it, and access to the exploit is behind a paywall, so there is nothing to
do. Marking deferred for now. Will re-open if new information is available.
More Information

Updated: 2019-10-09 07:41:45 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)