🔥The 9th Round of Easy Loan, Earn $40 Reward is in progress❗️ ⏰ Promotion Period: January 15th - Feburary 15th, 2025 👉 Register now and check more details at gate.io/campaigns/358

Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox * No longer limited to d8 * Rewards for controlled writes increased to $20k * Any memory corruption outside the sandbox now in scope bughunters.google.com/about/rules/ch… Happy hacking!

IIRC, the chainsaw one was one of the first browser exploits I ever wrote, good times!

The most elegant V8 Wasm Turboshaft typer exploit that I've reported. This primitive converts **any** Wasm type confusion in **any type hierarchy** into fully controlled arbitrary type confusion - e.g. what happens if you type `null : ref extern`? RCE :) crbug.com/372269618

Amazing... He is a real hacker. cylab.cmu.edu/news/2025/01/0…

apart from probably being not too stealthy.. this is a hilarious (and kinda sad) find. what sandbox? I'll just move the mouse to stage2.exe and click it using mojo IPC messages from renderer context

github.com/google/securit… Our newest research project is finally public! We can load malicious microcode on Zen1-Zen4 CPUs!

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm! Go check it out at github.com/googleprojectz…. While we still have a way to go in improving it, we think it shows a promising approach!

Exploit Chrome once again :)

I find myself repeating this a bit, so fuck it, here's how to get into an unprivileged namespace on Ubuntu 24.04/24.10. PSA: linux is stupid and for nerds, and Canonical/Ubuntu suck at security. $ busybox sh -c "unshare -Urmin" too embarassing to even call it a bypass

THIS IS A GREAT TIME TO BUY 0DAY!!!

No shortage of kernel bugs... :) Kernel 6.6.87 got pwned by 6 unique 0days within 25 seconds of going live on kCTF, lol: docs.google.com/spreadsheets/d…

My latest Spectre research is now public! See intra-mode BHI CPU vulnerability disclosure and PoC at github.com/google/securit…. This user-to-kernel attack bypasses eIBRS, BHB clearing and other mitigations.

Me and the homies are dropping browser exploits on the red team engagement 😎. Find out how to bypass WDAC + execute native shellcode using this one weird trick -- exploiting the V8 engine of a vulnerable trusted application. ibm.com/think/x-force/…

300 likes and we'll sponsor again next year offensivecon

The fix for #Pwn2Own Mozilla Firefox Out-of-bounds access vulnerability when resolving Promise objects (CVE-2025-4920 [1966612]): hg-edge.mozilla.org/mozilla-centra…

The fix for #Pwn2Own Mozilla Firefox JIT compiler vulnerability when optimizing linear sums (CVE-2025-4921 [1966614]): hg-edge.mozilla.org/mozilla-centra…

#OffensiveCon25 videos are now up! youtube.com/playlist?list=…

🚨🚨🚨We just broke everyone’s favorite CTF PoW🚨🚨🚨 Our teammate managed to achieve a 20x SPEEDUP on kctf pow through AVX512 on Zen 5. Full details here: anemato.de/blog/kctf-vdf The Sloth VDF is dead😵 This is why kernelCTF no longer has PoW!