Include bug cases where Chrome breaks OS security boundaries.

Change-Id: I17c60ddb3294cc16dd41ff54d86ca95a741aff61 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2284209 Reviewed-by: Max Moroz <mmoroz@chromium.org> Reviewed-by: Robert Sesek <rsesek@chromium.org> Reviewed-by: Adrian Taylor <adetaylor@chromium.org> Commit-Queue: Alex Gough <ajgo@chromium.org> Cr-Commit-Position: refs/heads/master@{#786321}
Denger-Network · Jul 8, 2020 · a98378c · a98378c
1 parent 96c9441
commit a98378c
Showing 1 changed file with 11 additions and 0 deletions.
diff --git a/docs/security/faq.md b/docs/security/faq.md
@@ -152,6 +152,17 @@ No. Chromium once contained a reflected XSS filter called the [XSSAuditor](https
 that was a best-effort second line of defense against reflected XSS flaws found
 in web sites. The XSS Auditor was [removed in Chrome 78](https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/TuYw-EZhO9g/blGViehIAwAJ).
 
+<a name="TOC-What-if-a-Chrome-component-breaks-an-OS-security-boundary-"</a>
+## What if a Chrome component breaks an OS security boundary?
+
+If Chrome or any of its components (e.g. updater) can be abused to
+perform a local privilege escalation, then it may be treated as a
+valid security vulnerability.
+
+Running any Chrome component with higher privileges than intended is
+not a security bug and we do not recommend running Chrome as an
+Administrator on Windows, or as root on POSIX.
+
 <a name="TOC-Why-aren-t-physically-local-attacks-in-Chrome-s-threat-model-"></a>
 ## Why aren't physically-local attacks in Chrome's threat model?