
ttt
@tchght
Followers: 288 | Following: 697 | Media: 4 | Statuses: 120
Joined December 2020
RT @mistymntncop: Exploit and mini writeup for CVE-2025-5419.
github.com
Contribute to mistymntncop/CVE-2025-5419 development by creating an account on GitHub.
RT @bjrjk: Released slides for CVE-2022-4262!
github.com
Full Chain Analysis of CVE-2022-4262, a non-trivial feedback slot type confusion in V8. - bjrjk/CVE-2022-4262
RT @mmolgtm: In this post I'll use CVE-2024-5830, a bug in object transitions in Chrome to gain RCE in the Chrome renderer sandbox: https:/….
github.blog
In this post, I'll exploit CVE-2024-5830, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
RT @edwardzpeng: Here are our slides for Zer0con 2024, Escaping the Sandbox (Chrome and Adobe Pdf Reader) on Windows.
About half a month ago, I wrote a sbx PoC based on this issue, and learned a new tip about the switch-ub case.
[autozilli](.[Regexp][Sandbox]JSRegExp::data FixedArray corruption->SBX? .[ClusterFuzz]Add option to avoid minimization for uploaded samples @5aelo
After the bypass, everything is the same as before, but with a little difference: we need "a novel technique for defeating V8 hardening".
PoC of v8 CVE-2024-3159: enumcache oob v2.0. It's related to CVE-2023-4427. As a security researcher who has long been aware of the potential bugs in MapUpdater and enumcache, I should reflect on my careless code review and outdated workflow.
oh, ignore reentrancy vulnerability in code of set method again.
[1510709]Type confusion -> RCE in the renderer process. /d8 --harmony-set-methods ex.js. /google-chrome --no-sandbox --js-flags="--harmony-set-methods" ex.html. @h0meb0dysj.
awesome!! looking forward to new tech.
Confirmed! @le_douds and @Ga1ois from Palo Alto used an OOB Read plus a novel technique for defeating V8 hardening to get arbitrary code execution in the renderer. They were able to exploit #Chrome and #Edge with the same bugs, earning $42,500 and 9 Master of Pwn points. #Pwn2Own
release my exploit code for CVE-2023-4427, writeup is coming soon (maybe), enjoy it.
github.com
Contribute to tianstcht/CVE-2023-4427 development by creating an account on GitHub.