exploit-development

4 posts

In this post, I'll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post From object transition to RCE in the Chrome renderer appeared first on The GitHub Blog.

Man Yue Mo, 8/13/2024

In this post, I'll exploit CVE-2024-3833, an object corruption bug in V8, the JavaScript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties appeared first on The GitHub Blog.

Man Yue Mo, 6/26/2024

In this post, I'll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post Getting RCE in Chrome with incomplete object initialization in the Maglev compiler appeared first on The GitHub Blog.

Man Yue Mo, 10/17/2023

In this post, I'll exploit CVE-2023-3420, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post Getting RCE in Chrome with incorrect side effect in the JIT compiler appeared first on The GitHub Blog.

Man Yue Mo, 9/26/2023