Old v8ctf chall but i had fun solving it while listening to tik tok and getting RCE'd inside my box

v8ctf now has bugid published.

If you look at v8ctf public submissions, specifically for 2025, then in almost six months only 5 have been confirmed (two of which are 0-day).And in general, there have been few serious problems in v8 so far (only one 0-day ITW + one N-day ITW full-chain).

v8ctf m128 confirmed as an 0day

upd: 9 v8ctf submissions have been confirmed (three of which are 0-day), two 0-days ITW & one N-day ITW full-chain.

Recently, I exploited CVE-2025-2135, which was also used in v8ctf. Any feedback is highly appreciated.

I am so excited , finally, I got 2nd blood of v8ctf, wait to comfirm, my exp need to brute, but i will write a writeup to prove I can increase its success rate!

Another parser bug, utilized by someone in v8ctf M127

Confirmed! My student, Haein Lee, has successfully completed the 3rd submission for v8ctf! He uses a 1-day bug, and his exploit is very interesting! I hope that we can disclose the details of this exploit in the short future.

From the Vulnerability to the Victory : A Chrome Renderer 1-Day Exploit’s Journey to v8CTF Glory : (Slides)

The first #v8CTF submission is in \o/. This was

This issue is due to a incomplete fix to CloneObjectIC that I mentioned in my reading notes: which is used by the first v8ctf commit. The condition function is still dog shit for now, but it works.

compensating with the quickest v8ctf submission in history :)

🌪️ Now at #TyphoonCon24: From Vulnerability to Victory: A Chrome Renderer 1-Day Exploit's Journey to v8CTF Glory by Haein Lee

Blog about issue-339736513: [v8ctf M125] v8 missing check of WasmObject type causing IC type confusion and OOB access. Shout out to @mistymntncop, i can't believe the poly IC technique from CVE-2023-3079 is still alive😅.

0-day exploited in v8ctf.

CVE-2024-2887 WebAssembly type confusion PoC Missed out on the v8ctf bounty again because I have absolutely no idea how to achieve v8 sbx escape. 🥹.

v8ctf enjoyer:

upd 8 v8ctf submissions have been confirmed (three of which are 0-day), two 0-days ITW & one N-day ITW full-chain.