Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
(github.blog)
from tedu@inks.tedunangst.com to inks@inks.tedunangst.com on 18 Oct 2023 19:08
https://inks.tedunangst.com/l/5046
In this post I’ll exploit CVE-2023-4069, a type confusion vulnerability that I reported in July 2023. The vulnerability—which allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site—is found in v8, the Javascript engine of Chrome. It was filed as bug 1465326 and subsequently fixed in version 115.0.5790.170/.171.