Browser Security

Dota 2 Under Attack: How a V8 Bug Was Exploited in the Game

When we think about V8 exploits, the first things that come to mind are probably related to sophisticated browser zero-day exploit chains. While th...

1377816: Security: WebAssembly UAF in catch block with stale memory start pointer

VULNERABILITY DETAILS WebAssembly memory start and size are stored as wasm instance fields. The WasmGraphBuilder caches the corresponding TurboFan...

CVE-2022-4135: Chrome heap buffer overflow in validating command decoder

The Basics Disclosure or Patch Date: 24 November 2022 Product: Google Chrome Advisory: https://chromereleases.googleblog.com/2022/11/stable-chann...

CVE-2022-34689 – CryptoAPI spoofing vulnerability

CVE-2022-34689 - CryptoAPI spoofing vulnerability This is the git repository for our research into CVE-2022-34689. For more information about the v...

2381 – Chrome: Copy-on-write check bypass in JSNativeContextSpecialization::BuildElementAccess – project-zero

ecialization::BuildElementAccess( Node* receiver, Node* index, Node* value, Node* effect, Node* control, Node* context, ElementAccessInfo const&a...

Analysis of a Firefox In-the-Wild 0day

RCE part: In the renderer process, a JS script exploits a UAF vulnerability in XSL object parsing to execute remote shellcode. Vulnerability principle: The exploit first defines some XML that contains multiple XSL objects. It then calls tran...

Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

Welcome to the third and final installment of the “Chrome Browser Exploitation” series. The main objective of this series has been to provide an in...

Exclusive: Bypassing Chrome V8 HardenProtect by Leaking the Sentinel Value

Preface: A sentinel value (also known as a flag value / trip value / rogue value / signal value / dummy data) is a special value in an algorithm, usually used as the terminating condition in loop or recursive algorithms, stored...

Momo Security Receives an Apple Acknowledgement: CVE-2022-42837 – The Woes of the iTunes Store

First, a round of applause for our colleague @dwj1210. As someone who followed this vulnerability all the way from its discovery to the final write-up of this article, the editor would like to say one thing up front: this vulnerability was found by sheer coincidence; a few days ago, while preparing challenges for WMCTF, d...

Exploring Chrome’s CVE-2020-6418 – Part1

Introduction: Chrome vulnerabilities have been quite a hot topic for the past couple of years. A lot of vulnerabilities were caught being exploite...