tags:v8chromewasmtype_confusionOOB_write original link: CVE-2024-4761: v8 missing check of WasmObject type cast causes type confusion and OOB access newsletter link: exploits.club Weekly Newsletter 22
Exploits Club Summary:
 @buptsb and @mistymntncop have been busy this week. They first released a blog post and PoC for CVE-2024-4947, an ITW Chrome 0-day found by Kaspersky (which you should know about if you read last weekâs exploits.club). Following up, they did the same for the second ITW Chrome 0-day in last weekâs security update. Both posts are worth a read, but in the end they use the same exploit technique. Zero Day Engineering also released a RCA of the bugs should you be interested in further reading.