
Google Chrome 67 / 68 / 69 Object.create Type Confusion

Posted by deepcore on March 6, 2020 – 9:28 am

This Metasploit module exploits a type confusion in Google Chrome's JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process, so the browser must be launched with the --no-sandbox option for the payload to run.
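Since the post states the payload only runs when the browser was started with --no-sandbox, the first thing a defender can check on an endpoint is whether any Chrome process is running with its sandbox disabled. The script below is an added example, not code from the original post or from the Metasploit module: it walks a list of (pid, argv) pairs and reports Chrome binaries that carry the --no-sandbox switch. The process list here is constructed sample data; on a real host you would populate it from /proc/<pid>/cmdline or the output of ps, and the helper names (find_unsandboxed, is_chrome) are this example's own.

```python
"""Report Chrome/Chromium processes launched with --no-sandbox.

Added defender-side example. The input is a list of (pid, argv) pairs so
that no shell-quoting parser is needed; /proc/<pid>/cmdline already gives
argv as NUL-separated tokens.
"""
from dataclasses import dataclass
from typing import Iterable, List, Sequence, Tuple

# Executable names under which Chrome/Chromium commonly runs on Linux and Windows.
CHROME_BINARIES = (
    "chrome",
    "chrome.exe",
    "chromium",
    "chromium-browser",
    "google-chrome",
    "google-chrome-stable",
)

# Constructed sample data: pid plus argv, as you would read from /proc/<pid>/cmdline.
SAMPLE_PROCESSES: List[Tuple[int, List[str]]] = [
    (1201, ["/opt/google/chrome/chrome"]),                                   # browser process, sandbox on
    (1210, ["/opt/google/chrome/chrome", "--type=renderer", "--no-sandbox"]),  # renderer, sandbox off
    (1300, ["/usr/bin/firefox"]),                                             # not Chrome
    (2001, ["C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe",
            "--no-sandbox", "--disable-gpu"]),                                # Windows launch, sandbox off
    (2002, ["/usr/bin/python3", "--no-sandbox"]),                             # same switch, not a browser
]


@dataclass(frozen=True)
class Finding:
    pid: int
    binary: str
    switches: Tuple[str, ...]


def is_chrome(binary: str) -> bool:
    """True if argv[0] is a Chrome/Chromium executable (Linux or Windows path)."""
    name = binary.replace("\\", "/").rsplit("/", 1)[-1].lower()
    return name in CHROME_BINARIES


def sandbox_disabled(argv: Sequence[str]) -> bool:
    """Chrome switches are exact tokens, so match --no-sandbox literally, not by prefix."""
    return "--no-sandbox" in argv[1:]


def find_unsandboxed(processes: Iterable[Tuple[int, Sequence[str]]]) -> List[Finding]:
    """Return one Finding per Chrome process whose command line disables the sandbox."""
    findings: List[Finding] = []
    for pid, argv in processes:
        if not argv or not is_chrome(argv[0]):
            continue
        if sandbox_disabled(argv):
            switches = tuple(a for a in argv[1:] if a.startswith("--"))
            findings.append(Finding(pid=pid, binary=argv[0], switches=switches))
    return findings


if __name__ == "__main__":
    for f in find_unsandboxed(SAMPLE_PROCESSES):
        print(f"pid {f.pid}: {f.binary} started without sandbox; switches: {' '.join(f.switches)}")
```

Matching the switch as a whole token rather than a substring avoids false positives from unrelated arguments, and filtering on the executable name keeps a non-browser process that happens to take a --no-sandbox flag out of the report.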

