Browser Security
V8 Vulnerability Exploited in the Game DOTA 2
When we think of V8 vulnerabilities, the first thing that comes to mind is probably sophisticated browser zero-day exploit chains. While the browser may be V8's most popular attack target, this open-source JavaScript engine is also embedded outside the browser...
Issue 2373: Arm Mali CSF: kbase_kcpu_command_queue UAF in kbase_csf_kcpu_queue_enqueue()
Tested version VX504X08X-SW-99002-r40p0-01eac0. Tested using CONFIG_MALI_NO_MALI on X86-64. kbase_csf_kcpu_queue_enqueue() locks the kctx->csf....
Chrome V8 Issue 1307610: Vulnerability and Exploitation Analysis
This is a featured article from the Kanxue forum. Kanxue forum author ID: 苏啊树. Environment: Ubuntu 18.04, GDB, V8 9.9.115. Because of how long I have worked with V8, most of the V8 vulnerabilities I am familiar with are in the TurboFan and IC modules, ...
Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game
When we think about V8 exploits, the first things that come to mind are probably related to sophisticated browser zero-day exploit chains. While th...
1377816: Security: WebAssembly UAF in catch block with stale memory start pointer
VULNERABILITY DETAILS WebAssembly memory start and size are stored as wasm instance fields. The WasmGraphBuilder caches the corresponding TurboFan...
CVE-2022-4135: Chrome heap buffer overflow in validating command decoder
The Basics Disclosure or Patch Date: 24 November 2022 Product: Google Chrome Advisory: https://chromereleases.googleblog.com/2022/11/stable-chann...
CVE-2022-34689 - CryptoAPI spoofing vulnerability
CVE-2022-34689 - CryptoAPI spoofing vulnerability This is the git repository for our research into CVE-2022-34689. For more information about the v...
2381 - Chrome: Copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess - project-zero
ecialization::BuildElementAccess( Node* receiver, Node* index, Node* value, Node* effect, Node* control, Node* context, ElementAccessInfo const&a...
Analysis of a Firefox In-the-Wild 0-day
RCE part: in the renderer process, a JS script exploits a UAF vulnerability in XSL object parsing to execute remote shellcode. Vulnerability principle: the exploit first defines some XML containing multiple XSL objects. It then calls tran...
Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463
Welcome to the third and final installment of the “Chrome Browser Exploitation” series. The main objective of this series has been to provide an in...