r3tr074 (@r3tr074)'s Twitter Profile
r3tr074

@r3tr074

Security research | harddisk.com.br founder | CTF pwn/rev @eltctfbr + @r3kapig | yes, I'm the browser guy

ID: 1460802457941032970

Link: http://phrack.org/author_r3tr074.html | 17-11-2021 03:01:28

288 Tweet

1,1K Followers

542 Following

xvonfers (@xvonfers)

[40068627] V8 SBX due to tiering_budget_array being referenced through a raw pointer issues.chromium.org/issues/40068627
[40068691] Crash in Builtins_NewGenericJSToWasmWrapper issues.chromium.org/issues/40068691
[41482162 - [email protected]] V8 SBX abusing Liftoff assembly issues.chromium.org/issues/41482162

r3tr074 (@r3tr074)

Just dropped my exploit with new cross-{cache,bucket} techniques (I love the creativity of kernel exploits, it gave me a very cool experience with SLAB allocators), the coolest part for me is the exploit, basically almost any memory corruption in Blink/Chrome can achieve RCE :D

exploits.club (@exploitsclub)

It's exploits.club day ‼️ A novel exploit technique from [email protected] Boris Larin and the Kaspersky team featured twice for TWO different ITW 0-days Trend Zero Day Initiative and Cody Gallagher partner for a post about popping VirtualBox + Jobs and more 👇 blog.exploits.club/exploits-club-…

Phrack Zine (@phrack)

The time has come, and with it your reading material for the week. Phrack #71 is officially released ONLINE! Let us know what you think! phrack.org/issues/71/1.ht…

r3tr074 (@r3tr074)

The Phrack Zine #71 is finally out!! How an image decoding bug can be turned into a full RCE? Easy, by abusing PartitionAlloc's internals and creating new techniques to exploit basically any memory corruption within Chromium! Let's alloc more exploits :P phrack.org/issues/71/10.h…

r3tr074 (@r3tr074)

What should I do after finding null-derefs in the renderer process, the GPU process and the main process??? Why do ppl nullify ptrs? Just use them, it doesn't matter if it's already been freed, just use it!!!

0xTen (@_0xten)

Earlier this year, I used a 1day to exploit the kernelCTF VRP LTS instance. I then used the same bug to write a universal exploit that worked against up-to-date mainstream distros for approximately 2 months. osec.io/blog/2024-11-2…

r3tr074 (@r3tr074)

Is there anything useful to do with an OOB vector in the GPU process? Some custom chromium that disables "safe libc++" or some new trick?

davs彡 (@mdavas_)

I once dreamed that everything in the world had your name, rabbit had your name, cup had your name, cable car had your name

celesian (@c3l3si4n)

My article "High-Performance Network Scanning with AF_XDP" has been released on the 72nd issue of Phrack. phrack.org/issues/72/3_md…
