Call out cross-site data disclosure as a high-severity security bug.

Change-Id: Ide1b92ea746db1bee5c6cc9f12bbbc875fa58341 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1790380 Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/heads/master@{#698638}

Call out cross-site data disclosure as a high-severity security bug.
Change-Id: Ide1b92ea746db1bee5c6cc9f12bbbc875fa58341 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1790380 Commit-Queue: Łukasz Anforowicz <lukasza@chromium.org> Reviewed-by: Charlie Reis <creis@chromium.org> Cr-Commit-Position: refs/heads/master@{#698638}
33b14350 · Lukasz Anforowicz · Commit Bot · 7e871f14 · 33b14350
Commit 33b14350 authored Sep 20, 2019 by Lukasz Anforowicz Committed by Commit Bot Sep 20, 2019
Hide whitespace changes
Inline Side-by-side

Showing with 5 additions and 2 deletions

docs/security/severity-guidelines.md docs/security/severity-guidelines.md +5 -2

No files found.
--- a/docs/security/severity-guidelines.md
+++ b/docs/security/severity-guidelines.md
@@ -82,8 +82,11 @@ compromised renderer, leading to a sandbox escape
 compromised renderer ([377392](https://crbug.com/377392)).
 * Memory corruption in the browser process that requires specific user
 interaction, such as granting a permission ([455735](https://crbug.com/455735)).
-* Cross-site execution contexts unexpectedly sharing a renderer process despite
-Site Isolation ([863069](https://crbug.com/863069)).
+* Site Isolation bypasses:
+    - Cross-site execution contexts unexpectedly sharing a renderer process
+      ([863069](https://crbug.com/863069), [886976](https://crbug.com/886976)).
+    - Cross-site data disclosure
+      ([917668](https://crbug.com/917668), [927849](https://crbug.com/927849)).


 ## Medium severity {#TOC-Medium-severity}