Browser Security

2358 - Chrome: heap-use-after-free in blink::LocalFrameView::PerformLayout (incomplete fix for CVE-2022-3199) - project-zero

if (!LayoutFromRootObject(*root)) // *** 3 *** continue; if (should_rebuild_fragments) cb->RebuildFragmentTreeSpine(); // We need to ensur...

Chrome renderer RCE CVE-2022-1134

Chrome renderer RCE CVE-2022-1134. The write-up can be found here. This is a bug in v8 that I reported in March 2022. This bug allows RCE in th...

Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan

In my previous post “Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals”, we took our first deep dive into the world ...

G.O.S.S.I.P Reading Recommendation 2022-11-14: FuzzJIT

Today's recommendation is the paper FuzzJIT: Oracle-Enhanced Fuz..., a joint work by Wang Junjie's research group at the School of Cybersecurity, Tianjin University, the Qi An Xin Code Security Lab, and researchers at Monash University, Australia.

v8 JIT fuzz

I recently came across two papers on JS engine JIT fuzzing: 'JIT-Picking: Differential Fuzzing of JavaScript Engines' and 'FuzzJIT: Oracle-Enhanced Fuzzing for JavaSc...

Porting the fuzzilli IL compiler to Ubuntu 20.04

The fuzzilli IL compiler is a tool that compiles JavaScript into fuzzilli's intermediate language; its output can be imported into fuzzilli as the initial corpus for a fuzzing run. However, looking at the rea...

Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals

Web browsers, our extensive gateway to the internet. Browsers today play a vital role in modern organizations as more and more software application...

Automatic fuzzing of Chromium the easy way

This article presents a simple way to build an automated Chromium bug-hunting framework. The main idea is to automatically run the generated test cases, check whether the result triggered ASAN, and if so, automatically e-mail the symbolized...

Edge browser: from XSS to elevated privileges and RCE

This is an article published in 2019 by the white hat spoofyroot (twitter: @spoofyroot), which walks through the approach, exploitation and bug chaining this researcher used when hunting Edge browser vulnerabilities. It...

CVE-2022-1364: Inconsistent Object Materialization in V8

The Basics Disclosure or Patch Date: 14 April 2022 Product: Google Chrome Advisory: https://chromereleases.googleblog.com/2022/04/stable-channel-...