vulnerability-research

3 posts
GitHub
SecuritySupply-chain-securityCVEGitHub-Security-Labvulnerability-research
Securing the open source supply chain: The essential role of CVEs

Vulnerability data has grown in volume and complexity over the past decade, but open source and programs like the Github Security Lab have helped supply chain security keep pace. The post Securing the open source supply chain: The essential role of CVEs appeared first on The GitHub Blog.

Madison Oliver10/21/2024
GitHub
SecurityVulnerability-researchChromeexploit-developmentGitHub-Security-Labvulnerability-research
From object transition to RCE in the Chrome renderer

In this post, I'll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post From object transition to RCE in the Chrome renderer appeared first on The GitHub Blog.

Man Yue Mo8/13/2024
GitHub
Securityexploit-developmentGitHub-Security-Labvulnerability-research
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties

In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site. The post Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties appeared first on The GitHub Blog.

Man Yue Mo6/26/2024