The version of Chromium Embedded Framework included in the Linux client was susceptible to a v8 exploit that allowed modification of local files. The researcher demonstrated chaining local file modification to a local privilege escalation.
https://hackerone.com/reports/1974296