CVE-2018-17463

Working Proof of Concept Exploit for CVE-2018-17463 utilzing WebAssembly RWX Pages for Shellcode execution.

CVE-2018-17463 stemmed from the incorrect side effect annotation in V8 in Google Chrome prior to 70.0.3538.64, allowing a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page.

This Proof of Concept is directly related to the following blog posts:

Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan
Chrome Browser Exploitation, Part 3: Analyzing and Exploiting CVE-2018-17463

The original writeup for this bug was presented in Phrack: Exploiting Logic Bugs in JavaScript JIT Engines by Samuel Gross.

All credits to finding the bug and writing the initial proof of concept go to Samuel Gross.

Name		Name	Last commit message	Last commit date
Latest commit History 3 Commits
CVE-2018-17463.js		CVE-2018-17463.js
README.md		README.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

CVE-2018-17463

About

Releases

Packages

Languages

jhalon/CVE-2018-17463

Folders and files

Latest commit

History

Repository files navigation

CVE-2018-17463

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages