tags: chrome, type_confusion, v8
original link: Chaining N-days to Compromise All: Part 1 — Chrome Renderer RCE
newsletter link: exploits.club Weekly Newsletter 13

Exploits Club Summary:

As promised, Theori has published the first blog post on their six-bug 1-day full chain. This post documents exploitation of CVE-2023-3079, a type confusion bug in V8. The team walks through the required browser background knowledge before diving into a root cause analysis (RCA) of the bug and explaining how the primitive can be escalated to an out-of-bounds (OOB) memory access before eventually being turned into RCE. We are looking forward to the next five posts!