1 files changed, 7 insertions, 2 deletions

diff --git a/chromium/docs/security/severity-guidelines.md b/chromium/docs/security/severity-guidelines.md
index 7e0d6fb4587..30820436610 100644
--- a/chromium/docs/security/severity-guidelines.md
+++ b/chromium/docs/security/severity-guidelines.md
@@ -61,7 +61,8 @@ Bugs which would normally be
 critical severity with unusual mitigating factors may be rated as high severity.
 For example, renderer sandbox escapes fall into this category as their impact is
 that of a critical severity bug, but they require the precondition of a
-compromised renderer.
+compromised renderer. (Bugs which involve using [MojoJS](../../mojo/public/js/README.md)
+to trigger an exploitable browser process crash usually fall into this category).
 
 They are normally assigned priority **Pri-1** and assigned to the current stable
 milestone (or earliest milestone affected). For high severity bugs,
@@ -152,5 +153,9 @@ Example bugs:
 * An uncontrolled single-byte out-of-bounds read
 ([128163](https://crbug.com/128163)).
 
+
+## Not a security bug {#TOC-Not-a-security-bug}
+
 The [security FAQ](faq.md) covers many of the cases that we do not consider to
-be security bugs, such as [denial of service](faq.md#TOC-Are-denial-of-service-issues-considered-security-bugs-).
+be security bugs, such as [denial of service](faq.md#TOC-Are-denial-of-service-issues-considered-security-bugs-)
+and, in particular, null pointer dereferences with consistent fixed offsets.