
chrome_v8_exploit

A collection of 1-day exploits and solutions to v8/Chrome-related challenges that I developed.


| Bug type | Exploit type | Origin | Files | Notes |
|---|---|---|---|---|
| Integer overflow | OOB RW | 1day: https://bugs.chromium.org/p/project-zero/issues/detail?id=1793 | 1793.js | |
| JIT bug | OOB RW | 1day: https://bugs.chromium.org/p/chromium/issues/detail?id=762874 | 762874.js, 762874_lowered.js | The lowered version works without BigInt |
| OOB RW | | Challenge: *CTF - OOB | oob.js, oob2.js | 2 methods: type confusion and fast_element/dictionary_element trick |
| JIT bug | Type confusion | Challenge: RealWorldCTF Quals 2019 - accessible | rwctf.js | |
| JIT bug | OOB RW | Challenge: WCTF 2019 - Browser exploitation training | wctf.js | Training link |