From c30a6232df03e1efbd9f3b226777b07e087a1122 Mon Sep 17 00:00:00 2001 From: Allan Sandfeld Jensen Date: Mon, 12 Oct 2020 14:27:29 +0200 Subject: BASELINE: Update Chromium to 85.0.4183.140 Change-Id: Iaa42f4680837c57725b1344f108c0196741f6057 Reviewed-by: Allan Sandfeld Jensen --- chromium/docs/security/sheriff.md | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) (limited to 'chromium/docs/security/sheriff.md') diff --git a/chromium/docs/security/sheriff.md b/chromium/docs/security/sheriff.md index 897fa7a5cd9..c4418c980fe 100644 --- a/chromium/docs/security/sheriff.md +++ b/chromium/docs/security/sheriff.md @@ -248,11 +248,12 @@ the assessment? Be especially on the lookout for Highs that are really Criticals, and Lows that are really Mediums (make sure to account for process types and sandbox boundaries). -For V8 issues, it can be hard to identify the correct security severity. If -you're not sure, please take your best guess, and add the -`Security_Needs_Attention-Severity` label alongside the regular -`Security_Severity-*` label. If you do this, the V8 team will check the -severity later and change it if necessary. +For V8 issues, it can be hard to identify the correct security severity. +Always set the severity to High unless there's strong evidence of an obvious +mitigation. Please add the `Security_Needs_Attention-Severity` label alongside +the regular `Security_Severity-*` label. If the bug is not exploitable, or is +mitigated, the V8 team will reduce the security severity (to avoid unnecessary +risk of merging the bug into stable branches). #### Step 3. [Label, label, label](security-labels.md). -- cgit v1.2.1