Insufficient data validation in V8 in Google Chrome before 87.0.4280.88 allowed a remote malicious user to potentially exploit heap corruption via a crafted HTML page.
Multiple security issues were discovered in the Chromium web browser, which
could result in the execution of arbitrary code, denial of service
or information disclosure.
For the stable distribution (buster), these problems have been fixed in
version 87.0.4280.88-0.4~deb10u1.
We recommend that you upgrade your chromium packages.
For the detailed sec ...
The Stable channel has been updated to 87.0.4280.88 for Windows, Mac and Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by filing a bug. The community help forum is also a ...
Insufficient data validation in V8 in Google Chrome versions prior to 87.0.4280.88 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page ...
This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into ...
Introduction
Hi, I’m @ret2eax
Feel free to snoop around
I’m interested in reverse engineering, vulnerability research & exploit development
Currently focused on developing skillset in browser exploitation
Website(s)
HOMECREW (Personal Website)
INGENIUM LABS (Commercial Services)
Research, Publications &am
exploits
CVE-2021-22600: Linux kernel LPE exploit
CVE-2021-3156: Linux local privilege escalation through heap overflow in sudo (Demo)
CVE-2021-3156: One shot exploit for heap overflow vulnerability in sudo
CVE-2020-6507: Out of bounds write in V8 Chrome versions <= 83.0.4103.97 (RCE)
CVE-2020-16040: Chrome exploit versions <= 87.0.4280.88