Additionally, last year our teammate Bien 🇻🇳 also pwned the Linux kernel on kernelCTF with a 0-day that has been fixed and assigned CVE-2023-4244.
So far, we have successfully pwned 2/3 liveCTF hosted by Google.
We are going to aim for kvmCTF in the future.
CVE-2024-0517, a Chrome V8 Maglev compiler optimization RCE vulnerability, has been derestricted (along with exploit code). This was reported by our teammate Suto.
issues.chromium.org/issues/41488920
After CVE-2024-0223, we reported the bypass and it was assigned CVE-2024-3516:
issues.chromium.org/issues/3288591…
Months later, someone else reported another variant and Google decided to give up and allow Chrome's GPU to crash instead of fixing the issue.