Google Chrome Blink Serializer::doSerialize Bad Cast

Posted by deepcore on November 15, 2016 – 2:28 am

When serializing JavaScript objects for sending to another window using the postMessage method, the code in blink does not handle Symbol objects correctly and attempts to serialize this kind of object as a regular object, which results in a bad cast. An attacker that can trigger this issue may be able to execute arbitrary code. Chrome version 38 is affected.

This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.

« Trango Systems Backdoor Root Account BlackNurse Spoofed ICMP Denial Of Service Proof Of Concept »

:: Deepquest ::

This site contains information which could be considered illegal in some countries. It is provided here for educational use only and is not intended to be used for illegal activities.

Google Chrome Blink Serializer::doSerialize Bad Cast

Post a reply

Tabs Switcher

Categories

Archives

Meta

BLOGROLL