Browser Security

An Autopsy on a Zombie In-the-Wild 0-day

Whenever there’s a new in-the-wild 0-day disclosed, I’m very interested in understanding the root cause of the bug. This allows us to then understa...

Math.abs JIT Optimization Bug in JSC

At the 2021 Tianfu Cup we successfully completed the iPhone 13 Pro RCE target. This article describes in detail the Safari JavaScriptCore (JSC) vulnerability used in it, tracked as CVE-2021-30953. ArithN...

CVE-2022-26717-Safari-WebGL-Exploit

Safari WebGL XFB Use After Free Vulnerability - CVE-2022-26717 Credits - Jeonghoon Shin(@singi21a) of Theori Patch & Updates - https://sup...

Exploit Development: Browser Exploitation on Windows – CVE-2019-0567, A Microsoft Edge Type Confusion Vulnerability (Part 2)

Introduction In part one we went over setting up a ChakraCore exploit development environment, understanding how JavaScript (more specifically, the...

A Year in Review of 0-days Used In-the-Wild in 2021

This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and...

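A First Taste of the V8 Source Code Through a CTF Challenge

Contents: 1. GoogleCTF 2018 - Pwn Just-In-Time; 2. Setting up the debugging environment; 3. Analysis of the challenge vulnerability; 4. Reading V8 through a failed PoC; 5. Exploit; References. Main text: As a beginner who has just started out in browser security, I personally chose...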

CVE-2021-30551: Chrome Type Confusion in V8

The Basics Disclosure or Patch Date: 9 June 2021 Product: Google Chrome Advisory: https://chromereleases.googleblog.com/2021/06/stable-channel-up...

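Analysis of a Sandbox Escape Vulnerability in Chrome's Mojo Component

Vulnerability description: Issue-1062091 is a UAF vulnerability in Chrome. It resides in Chromium's Mojo framework, and exploiting it can lead to a sandbox escape in Chrome and Chromium-based browsers. This vulnerability...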

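Learning V8 Exploitation from Scratch: CVE-2021-21225 (Part 9)

Author: Hcamael@Knownsec 404 Team. Related reading: Learning V8 Exploitation from Scratch: Environment Setup (Part 1); Learning V8 Exploitation from Scratch: The Generic V8 Exploit Chain (Part 2); Learning V8 Exploit...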

CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera

Description: Successful exploitation of this vulnerability can lead to the leak of a user's secrets stored inside system environment variables. A ...