tags:chromesbxlpewindowsuafalpc original link: Chaining N-days to Compromise All: Part 2 — Windows Kernel LPE (a.k.a Chrome Sandbox Escape) newsletter link: exploits.club Weekly Newsletter 15
Exploits Club Summary:
Theori released the second write-up for their 1-day fullchain. Following on from their Chrome Renderer RCE, the post walks through escaping the Chrome Sandbox by exploiting a Windows Kernel vulnerability. Specifically, the team was able to take advantage of a UAF in Advanced Local Procedure Call (ALPC). The post is exceptionally detailed, walking through ALPC internals, an RCA of the original CVE, and the exploit strategy.
backlinks: Chaining N-days to Compromise All - Part 1 — Chrome Renderer RCE