Tags: v8, chrome, ITW, type_confusion
Original link: CVE-2024-5274: A Minor Flaw in V8 Parser Leading to Catastrophes
Newsletter link: exploits.club Weekly Newsletter 37 - Juicy Overflows, The Art Of Exploitation, Rust in Firmware, and More
Exploits Club Summary:
The team at DARKNAVY published their root cause analysis and PoC for CVE-2024-5274, an in-the-wild (ITW) type confusion in the V8 parser that was patched earlier this summer. The post starts with a review of the small patch and the root cause of the bug before looking at how to trigger the vulnerability and generate inconsistent bytecode. It then detours slightly to discuss methodology and the failed attempts that led the team to the eventual working payload. After that, it discusses exploitation. @mistymntncop also took to X after the issue page was made public to release a PoC crafted by him and @buptsb.