Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2023-4427 PoC — Google Chrome 缓冲区错误漏洞

Source
https://github.com/tianstcht/CVE-2023-4427
Associated Vulnerability
Title:Google Chrome 缓冲区错误漏洞 (CVE-2023-4427)
Description:Out of bounds memory access in V8 in Google Chrome prior to 116.0.5845.110 allowed a remote attacker to perform an out of bounds memory read via a crafted HTML page. (Chromium security severity: High)
Readme
# CVE-2023-4427

CVE-2023-4427 was found by glazunov, and you can find RCA in his [report](https://bugs.chromium.org/p/project-zero/issues/detail?id=2477)  

chrome version: 117.0.5938.62 in linux from v8ctf.  

I choose a very unstable method. To bypass ASLR, use many iframes with different domains in `main.html` to brute high address, you can change your `/etc/hosts` to implement that locally, if you are a ctfer, you should know it's 1/256 lol, or if ASLR is disabled for debug, you can set bbbase in #L210 to const. Of course there are some more stable methods like use JIT code in area of WASM.  

The exp for v8 is lost, but it's easier than chrome version, understand RCA and you can solve it by yourself.  

More detailed writeup is coming soon(*MAYBE*)
File Snapshot

 [4.0K]  /data/pocs/18e127bce3c00463cc81312acd7364bac884d557
├── [9.4K]  exp.html
├── [ 279]  main.html
└── [ 767]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →