cyx (@cyx0d)'s Twitter Profile
cyx

@cyx0d

life is too short to hide your zero-days

ID: 1169584257481789441

05-09-2019 12:14:50

276 Tweet

291 Followers

1,1K Following

xvonfers (@xvonfers)

Exploited ITW (CVE-2025-5419)[420636529][turbofan]OOBRW chromium-review.googlesource.com/c/v8/v8/+/6594… chromereleases.googleblog.com/2025/06/stable… Reported by Clément Lecigne(clem1) and Benoît Sevens

Trenchant (@trenchantarc)

Remember that great OffensiveCon talk? Or sad you missed it? Well, here are the slides for it! github.com/TrenchantARC/G…

xvonfers (@xvonfers)

[425896305][objects, heap] A lot of code in the GC uses unsigned sizes to copy around bytes or iterate objects. The size of on-heap objects is stored as int. Attackers can craft negative sizes that can lead to very large offsets via sign extension and e.g. conversion to size_t.

Hossein Lotfi (@hosselot)

The fix for Google Chrome V8 In-The-Wild Type Confusion vulnerability in interpreter bytecode generator (CVE-2025-6554 [427663123]): chromium.googlesource.com/v8/v8.git/+/22… Further hardening: chromium.googlesource.com/v8/v8.git/+/2c…

Security Bug Aggregator (@bugsaggregator)

V8 Sandbox Bypass: Uninitialized read to switch-case OOB jump in Maglev JSGeneratorObject allocation inlining (reward: $25000) crbug.com/403600260

Security Bug Aggregator (@bugsaggregator)

[In-the-wild][427162086] High CVE-2025-6558: Incorrect validation of untrusted input in ANGLE and GPU. Reported by Clément Lecigne and Vlad Stolyarov of Google's Threat Analysis Group on 2025-06-23. Google is aware that an exploit for CVE-2025-6558 exists in the wild.

Jack Ren (@bjrjk)

Escalation methodology for CVE-2024-4947, an in-the-wild V8 type confusion bug. Shoutout to vaber, Boris Larin, 1377 High-yield Nukes, j j, 303f06e3 and Dimitri Fourny for their great research for this bug! github.com/bjrjk/CVE-2024…

xvonfers (@xvonfers)

rust😁 (CVE-2025-48530)[crabbyavif, Avif parser/decoder][NV12]OOB accesses(YUV planes, alpha plane, Y plane, UV planes, chroma width calc, plane size calc, row bytes,...) -> 0-click RCE android.googlesource.com/platform/exter… alloc -> decoder write -> copy/access -> RCE potential

1377 High-yield Nukes (@buptsb)

You are one of the TC39 committee members and a JavaScript language expert, generate 1 million js samples based on tc39/proposal-explicit-resource-management until a DCHECK happens since we are P0 and have infinite token quota.

xvonfers (@xvonfers)

[$3000][415523530][maglev types]Debug check failed: CanElideWriteBarrier(object, value) chromium-review.googlesource.com/c/v8/v8/+/6532… Reported by Zhenghang Xiao (Kiprey) and Nan Wang (sakura)