
CVE-2018-6065 PoC — Google Chrome V8 Numeric Error Vulnerability

Source

Associated Vulnerability

Title: Google Chrome V8 Numeric Error Vulnerability (CVE-2018-6065)

Description: Integer overflow in computing the required allocation size when instantiating a new JavaScript object in V8 in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.
Readme
# Chrome V8 CVE-2018-6065 Exploit

Analysis blog post: https://b1tg.github.io/post/cve-2018-6065-analysis

```bash
# Check out the V8 commit this PoC was developed against
git reset 0407506af3d9d7e2718be1d8759296165b218fcf --hard
# Fetch the dependencies matching that commit
gclient sync -f

# Generate and build the debug configuration (useful for analysis)
tools/dev/v8gen.py x64.debug
ninja -C out.gn/x64.debug

# Generate and build the release configuration
tools/dev/v8gen.py x64.release
ninja -C out.gn/x64.release
```

Tested on Ubuntu 18.04 and Ubuntu 20.10


![xcalc](final.png)
File Snapshot

```
[4.0K] /data/pocs/fd3168b80045214897d57169351420e5f90ac17c
├── [4.0K] chrome.js
├── [7.8K] exploit.html
├── [7.3K] final.js
├── [197K] final.png
├── [ 460] poc.js
└── [ 376] README.md

0 directories, 6 files
```