Better explain Critical severity bugs.
Bug: None
Change-Id: I9882e3338e74875a7804733b702c2fbe4d869d60
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/1616977
Reviewed-by: Andrew Whalley <[email protected]>
Commit-Queue: Chris Palmer <[email protected]>
Cr-Commit-Position: refs/heads/master@{#663319}
diff --git a/docs/security/severity-guidelines.md b/docs/security/severity-guidelines.md
index d718441c..9985d0f 100644
--- a/docs/security/severity-guidelines.md
+++ b/docs/security/severity-guidelines.md
@@ -18,8 +18,9 @@
## Critical severity {#TOC-Critical-severity}
-Critical severity issues allow an attacker run arbitrary code on the underlying
-platform with the user's privileges.
+Critical severity issues allow an attacker to read or write arbitrary resources
+(including but not limited to the file system, registry, network, et c.) on the
+underlying platform, with the user's full privileges.
They are normally assigned priority **Pri-0** and assigned to the current stable
milestone (or earliest milestone affected). For critical severity bugs,
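Review bot: In the added definition, "et c." should be "etc.", and it is redundant after "including but not limited to", so one of the two can go. The rewrite also drops the removed text's explicit "run arbitrary code", while the examples further down still describe code execution outside of the sandbox. Consider wording such as "to run arbitrary code, or to read or write arbitrary resources (including the file system, registry, and network)" so the definition still names code execution directly and readers do not have to infer it from read/write access.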
@@ -37,7 +38,9 @@
* Memory corruption in the browser process ([564501](https://crbug.com/564501)).
* Exploit chains made up of multiple bugs that can lead to code execution
-outside of the sandbox ([416449](https://crbug.com/416449)).
+ outside of the sandbox ([416449](https://crbug.com/416449)).
+* A bug that enables web content to read local files
+ ([962500](https://crbug.com/962500)).
Note that the individual bugs that make up the chain will have lower severity
ratings.
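Review bot: The new local-files bullet is added after the exploit-chain bullet, which leaves the trailing "Note that the individual bugs that make up the chain will have lower severity ratings." following a bullet that is not about chains. Consider placing the new bullet before the exploit-chain bullet, or moving the note into that bullet, so "the chain" keeps an obvious referent. It would also help to say in the bullet whether 962500 is critical because web content reaches local files without any other bug, since that is what separates it from the chain case above it.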