SorryMybad (@S0rryMybad)
Followers: 14K | Following: 475 | Media: 56 | Statuses: 776
Is this the first time in a public competition since PAC was introduced?
Applause to another big winner on target iPhone 11 Pro + iOS 14. $180,000 granted! @S0rryMybad @realBrightiup
https://t.co/CrwHmH2lI2 [N/A][436181695] High CVE-2025-9132: Out of bounds write in V8. Reported by Google Big Sleep on 2025-08-04 TL;DR: Repro extremely short, bug very easily exploitable for a renderer RCE. Big Sleep is interesting indeed :)
chromereleases.googleblog.com
The Stable channel has been updated to 139.0.7258.138/.139 for Windows, Mac and 139.0.7258.138 for Linux which will roll out over the comi...
Excited to be nominated for the Best RCE of 2024 Pwnie Awards.
We are very pleased to announce the nominees for the 2024 Pwnie Awards! Be sure to tag your friends and catch us at Def Con! https://t.co/TxplA2l6X6
In this post I'll use CVE-2024-3833, a type confusion in v8 to gain remote code execution in the Chrome renderer sandbox:
github.blog
In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit...
Finally got around to publishing the slides of my talk @offensive_con from ~two weeks ago. Sorry for the delay! The V8 Heap Sandbox: https://t.co/2As3NlRebZ Fantastic conference, as usual! :)
CVE-2023-6702: Type Confusion in V8 (CaptureAsyncStackTrace). [1501326] Fix the case when the closure has run. We were using the closure pointing to NativeContext as a marker that the closure has run, but async stack trace code was confused about it. https://t.co/uDZA3uC6Mr
New RCA up for CVE-2021-4102 by @btiszka! It's a wild one in Chrome's Turbofan #itw0days
https://t.co/Vr5Wj6aLSu
googleprojectzero.github.io
Information about 0-days exploited in-the-wild!
Another exciting step for the V8 sandbox: with https://t.co/UiMNyNxj7C (in Chrome 121) BytecodeArrays are now the first internal objects to move out of the sandbox and into the new trusted heap space: https://t.co/5o1Xar1P0F!
docs.google.com
V8 Sandbox - Trusted Space Author: saelo@ First Published: October 2023 Last Updated: December 2023 Status: Living Doc Visibility: PUBLIC This document is part of the V8 Sandbox Project and discusses...
After 3 years, we finally managed to write our first blog post about a powerful XNU infoleak patched in 17.1 https://t.co/f3mZjw43qZ
blog.dfsec.com
Dataflow Security blog
In this post I'll use CVE-2023-4069, a type confusion bug in the Maglev JIT compiler of Chrome that I reported in July, to gain RCE in the Chrome renderer sandbox:
In this post I'll use CVE-2023-3420, an incorrect side effect modelling bug in the JIT compiler that I reported to Chrome, to gain a sandboxed remote code execution in the renderer:
"The WebP 0day" -- a full technical analysis of the recently patched vulnerability in the WebP image library that was exploited in the wild (CVE-2023-4863).
blog.isosceles.com
Early last week, Google released a new stable update for Chrome. The update included a single security fix that was reported by Apple's Security Engineering and Architecture (SEAR) team. The issue,...
I published my research on CNG Key Isolation with CVE-2023-28229 and CVE-2023-36906 on my blog. MSRC marked it as "Exploitation Less Likely", but I completed the exploitation in a short time.
https://t.co/ste6nCOsrY
I have completed the FORCED ENTRY RCE + SBX chain with a PAC bypass. The calculator payload can be found here: https://t.co/voZRBSdgdD. I learned a lot about iOS exploitation and can't wait to share that in a blog post, which I'll release along with the code to generate this PDF.
Root Cause Analysis - CVE-2023-32439 Type Confusion in Webkit - https://t.co/5Kt42OzKDw
#BrowserSecurity #bugbountytips #WebKit
blog.pksecurity.io
Sunjoo Park @grigoritchy
New RCA! The v8 security team is at it again with a new RCA for CVE-2022-4262, the #itw0days patched in December 2022. I really like how they modified the fuzzing flag to better find this class of bugs! Thank you @5aelo! https://t.co/nsVXKPHjym
Google Chrome V8 ArrayShift Race Condition Remote Code Execution
blog.exodusintel.com
By Javier Jimenez. Overview: This post describes a method of exploiting a race condition in the V8 JavaScript engine, version 9.1.269.33. The vulnerability affects the following versions of Chrome and...