A collection of 1days and solutions to challenges related to v8/chrome I developed

Geluchat/chrome_v8_exploit

chrome_v8_exploit

A collection of 1days and solutions to challenges related to v8/chrome I developed


| Bug type | Exploit type | Origin | Files | Notes |
| --- | --- | --- | --- | --- |
| Integer overflow, OOB RW | 1day | https://bugs.chromium.org/p/project-zero/issues/detail?id=1793 | 1793.js | |
| JIT bug, OOB RW | 1day | https://bugs.chromium.org/p/chromium/issues/detail?id=762874 | 762874.js, 762874_lowered.js | The lowered version works without BigInt |
| OOB RW | Challenge | *CTF - OOB | oob.js, oob2.js | 2 methods: type confusion and fast_element/dictionary_element trick |
| JIT bug, Type confusion | Challenge | RealWorldCTF Quals 2019 - accessible | rwctf.js | |
| JIT bug, OOB RW | Challenge | WCTF 2019 - Browser exploitation training | wctf.js | Training link |
