Vulnerabilities tagged "browser"

• Type Confusion Exploit in Chrome (CVE-2023-3420)

  10 October 2023

  Post from Man Yue Mo at GitHub Security Lab on an RCE in Chrome due to a bug in Chrome's JIT compiler (TurboFan).As a bit of background, modern browsers will often compile code/functions that are deemed as 'hotpaths' (aka executed a lot)...

• Heap buffer overflow in the WebP image library

  10 October 2023

  A rather complex-bug to trigger that was found being exploited in the wild against libwebp's VP8L compression and was reachable through an iMessage.

• [Chrome] heap-use-after-free in AccountSelectionBubbleView::OnAccountImageFetched

  01 November 2022

  Callbacks can be tricky in memory-unsafe languages, here we have the Chrome Account Selection feature creating an image view and an image fetcher. Sets up a callback function to be called once the account's image has been fetched and passes in the raw pointer to the created image_view, the problem being that the image view may be destroyed before the callback happens.

• [Chrome] Universal XSS in Autofill Assistant

  03 October 2022

  The Autofill Assistant has a chain of issues that could be abused for universal XSS in the context of an arbitrary website.

• An Incorrect Instruction Choice in the JIT Resulting in an Incorrect Calculation

  14 December 2021

  This is a interesting primitive, an unsigned 32bit integer can mistakenly be kept unsigned after it is supposedly converted to a signed 64bit integer and passed in somewhere expecting a signed value.

• GHSL-2021-124: Use After Free (UAF) in Chrome - CVE-2021-30528

  05 October 2021

  There is a use-after-free on Chrome for Android when fetching credit card details to autofill. This vulnerability does require the victim have credit card details saved by Chrome.

• Chrome in-the-wild bug analysis: CVE-2021-30632

  05 October 2021

  First a bit of background terminology as I understand it. Not being familiar with v8 there are likely some subtleties I am missing.