tags: type_confusion, wasm, chrome, sbx
original link: SSD Advisory: Google Chrome RCE
newsletter link: exploits.club Weekly Newsletter 34 - V8 Confusions, Smart Speaker Spying, Summer Camp Round-Up, And More
Exploits Club Summary:
An RCA and exploit for a type confusion bug identified during TyphoonPWN 2024. The post walks through the vulnerability, a type confusion between a canonicalized type id and a wasm::HeapType, and shows how this bug can be elevated to an arbitrary type confusion between WASM objects. The post goes on to say that turning this into the basic exploit primitives was very similar to @_manfp's Pwn2Own-winning exploit. The last step was escaping the V8 sandbox, which was done by abusing PartitionAlloc.