Chrome

The hunt for Chromium issue 1072171

29 May 2020 ~29 min By Javier Jimenez
Browser Chrome Exploit Development Vulnerability Research 0day V8 Vulnerability
The last few months I’ve been studying Chrome’s v8 internals and exploits with the focus of finding a type confusion bug. The good news is that I found one, so the fuzzing and analysis efforts didn’t go to waste. The bad news is that I can reliably trigger the vulnerability but I haven’t found a way to weaponise it yet. If you don’t have prior knowledge of v8, I encourage…

Intro to Chrome’s V8 from an exploit development angle

28 February 2020 ~11 min By Javier Jimenez
Browser Browsers Chrome Exploit Development Exploitation Javascript Reverse Engineering V8
Last Christmas I was doing quite a bit of research around an exploit for Chrome’s JavaScript engine, V8. While most of the concepts around the exploit might seem familiar: for example, what is known as a Type Confusion today has the almost exact concept (or outcome) as a Use-After-Free vulnerability, one of the differences is that there is no free/malloc exploited directly; there is a huge difference in the root…