A rather simple Chrome permission bypass. Basically, `chrome.pageCapture.saveAsMHTML()` shouldn't be able to save pages it doesn't have the permissions to read, like pages belonging to another extension or chrome pages...
A fun but simple buffer overflow in Factorio. When loading save files, the game will load a `PropertyTree` from the file...
There is a lot going on in this post; the novel aspects are a few Mark-of-the-Web (MotW) bypasses. Those MotW bypasses were found while exploring an in-the-wild exploit chain, which is also covered here.
A fairly simple processing bug in WinRAR resulting in code execution with benign-seeming interaction with an archive; unfortunately, this one was seen being exploited in the wild to spread malware.
**CVE-2023-27322 - Local Privilege Escalation Through Parallels Service**
I thought this was an excellent post when it came to explaining the exploitation strategy, and as it dealt with encrypted pointers, the exploitation was pretty cool to see documented. However, I did have some problems following along with the actual vulnerability details.
A directory traversal vulnerability in Parallels Desktop for macOS has been identified, leading to a guest-to-host VM escape. Parallels ToolGate, a virtual PCI device, facilitates communication between the guest and host operating systems...
A number of bugs in Tailscale leading to an RCE chain.
Cross-Site Tracing is a vulnerability I didn't think I'd be hearing about again, yet here we are.
Callbacks can be tricky in memory-unsafe languages. Here we have the Chrome Account Selection feature creating an image view and an image fetcher. It sets up a callback function to be called once the account's image has been fetched and passes in the raw pointer to the created image_view; the problem is that the image view may be destroyed before the callback happens.