Subscribe via feed.

Google Chrome 72 / 73 Array.map Corruption

Posted by deepcore on March 6, 2020 – 9:28 am

This Metasploit module exploits an issue in Chrome version 73.0.3683.86 (64 bit). The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload. The payload is executed within the sandboxed renderer process, so the browser must be run with the –no-sandbox option for the payload to work correctly.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.