浏览器安全
Opera Browser Zero-Day RCE Vulnerability on Cross-Platforms
Opera's Zero-Day RCE: It's not a soap opera, but it sure has drama. Grab your popcorn and secure your browser! 歌剧的零日RCE:这不是一个肥皂剧,但...
深入探讨分析野外 Google Chrome V8类型混淆漏洞的V8 沙箱逃逸技术
介绍我们正在分析一个野外 V8 漏洞CVE-2023–2033。一旦我们利用了该漏洞,就不难获得典型的利用原语,例如addrof、V8堆中的读取和写入。问题是我们需要逃离 V...
CVE-2023-5480: Chrome new XSS Vector
Chrome XSS Chrome XSS的 The article is informative and intended for security specialists conducting testing within the scope of a contract. The au...
Opera MyFlaw Bug Could Let Hackers Run ANY File on Your Mac or Windows
Cybersecurity researchers have disclosed a now-patched security flaw in the Opera web browser for Microsoft Windows and Apple macOS that could be e...
Google Chrome V8 CVE-2024-0517 越界写入代码执行
介绍该漏洞源于V8的Maglev编译器,特别是它如何编译具有父类的类。当涉及到父类和构造函数时,编译器需要查找它们,而在此过程中引入了漏洞。在本文中,我们...
Opera浏览器跨平台0-Day RCE漏洞
1.漏洞情况Guardio Labs研究团队近日在流行的Opera Web浏览器系列中发现了一个严重的0day漏洞, 该漏洞允许攻击者使用定制浏览器扩展在Windows或MacOS系统上执...
Start Your Engines – Capturing the First Flag in Google’s New v8CTF
Background 背景 In early October 2023, Google announced a new addition to their reward program, v8CTF. According to the rules: “v8CTF is a part of ...
picoCTF 2021 – Kit Engine
Analysis 分析 We are given d8, source.tar.gz and server.py. Let's look at server.py first: 我们被赋予 d8 了 , source.tar.gz 和 s...
*CTF 2019 – oob-v8
Most of what is written from here is courtesy of Faith and their fantastic writeup for this challenge. Please go check them out! 从这里写的大部分内...
CVE-2013-0750详细分析
前言该漏洞属于一个整数溢出漏洞,影响范围波及firefox18.0之前的所有版本。对该漏洞的分析参考了《漏洞战争》。漏洞成因火狐浏览器的javascript引擎在进行字...