Google Chrome 80 JSCreate Side-Effect Type Confusion
https://packetstormsecurity.com/files/156632/chrome_jscreate_sideeffect.rb.txt
https://packetstormsecurity.com/files/156632/Google-Chrome-80-JSCreate-Side-Effect-Type-Confusion.html
Thu, 05 Mar 2020 14:45:47 GMT

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which is then used for out-of-bounds read and write on adjacent memory. That relative read and write is used to modify a UInt64Array (uint64_aarw), which provides reading and writing of absolute memory. The exploit then uses WebAssembly to allocate a region of RWX memory, which is overwritten with the payload shellcode. The payload executes inside the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.
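Two of the building blocks the description above depends on, as an added example written for Node.js; this is not the Metasploit module's own code. The ftoi/itof helpers reinterpret a double's eight bytes as a 64-bit integer and back, which is how raw pointers are pulled out of (and written into) a float array such as float_rel without being rounded. The WebAssembly module is a hand-assembled minimal module constructed for this example (one exported function returning 42); compiling it is what makes the engine map an executable code region. Locating that region and overwriting it with shellcode requires the corrupted arrays and the absolute read/write described above and is not shown here. The names ftoi, itof, WASM_MINIMAL and rwxTarget are this example's own.

```javascript
// Added example (not the module's code): building blocks of a V8 exploit chain
// of the shape described above, runnable under Node.js.

// Shared buffer viewed as both a double and a 64-bit unsigned integer.
const conv = new ArrayBuffer(8);
const convF64 = new Float64Array(conv);
const convU64 = new BigUint64Array(conv);

// double -> BigInt holding the same 8 bytes (bit reinterpretation, not conversion)
function ftoi(f) {
  convF64[0] = f;
  return convU64[0];
}

// BigInt (masked to 64 bits) -> double holding the same 8 bytes
function itof(i) {
  convU64[0] = BigInt.asUintN(64, i);
  return convF64[0];
}

// Constructed minimal module: (func (export "main") (result i32) i32.const 42)
// Hand-assembled: magic, version, then type / function / export / code sections.
const WASM_MINIMAL = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, // "\0asm"
  0x01, 0x00, 0x00, 0x00, // version 1
  0x01, 0x05, 0x01, 0x60, 0x00, 0x01, 0x7f,                   // type 0: () -> i32
  0x03, 0x02, 0x01, 0x00,                                     // func 0 uses type 0
  0x07, 0x08, 0x01, 0x04, 0x6d, 0x61, 0x69, 0x6e, 0x00, 0x00, // export "main" = func 0
  0x0a, 0x06, 0x01, 0x04, 0x00, 0x41, 0x2a, 0x0b,             // code: i32.const 42; end
]);

// Compile and instantiate synchronously (acceptable for a module this small).
// Returns the exported function; its compiled code is what an exploit of this
// shape would locate with the absolute read and overwrite with shellcode.
function rwxTarget() {
  const mod = new WebAssembly.Module(WASM_MINIMAL);
  const inst = new WebAssembly.Instance(mod, {});
  return inst.exports.main;
}

function main() {
  const v = 0x4142434445464748n;
  console.log("itof/ftoi round-trip:", ftoi(itof(v)).toString(16));
  console.log("1.0 as raw bits:", ftoi(1.0).toString(16));
  console.log("wasm export returns:", rwxTarget()());
}

main();
```

The round-trip through a Float64Array is exact for any 64-bit pattern whose exponent field is not all ones; values that would decode as NaN should be avoided when staging pointers through float arrays, since some paths can canonicalize them.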

© 2022 Packet Storm. All rights reserved.