CVE-2023-4427 PoC — Google Chrome 缓冲区错误漏洞

Source

https://github.com/tianstcht/CVE-2023-4427

Associated Vulnerability

Title:Google Chrome 缓冲区错误漏洞 (CVE-2023-4427)
Description:Google Chrome是美国谷歌（Google）公司的一款Web浏览器。V8是其中的一套开源JavaScript引擎。 Google Chrome 116.0.5845.110 版本之前存在安全漏洞，该漏洞源于 V8 模块存在越界读取问题。

Readme

# CVE-2023-4427

CVE-2023-4427 was found by glazunov, and you can find RCA in his [report](https://bugs.chromium.org/p/project-zero/issues/detail?id=2477)  

chrome version: 117.0.5938.62 in linux from v8ctf.  

I choose a very unstable method. To bypass ASLR, use many iframes with different domains in `main.html` to brute high address, you can change your `/etc/hosts` to implement that locally, if you are a ctfer, you should know it's 1/256 lol, or if ASLR is disabled for debug, you can set bbbase in #L210 to const. Of course there are some more stable methods like use JIT code in area of WASM.  

The exp for v8 is lost, but it's easier than chrome version, understand RCA and you can solve it by yourself.  

More detailed writeup is coming soon(*MAYBE*)

File Snapshot


 [4.0K]  /data/pocs/18e127bce3c00463cc81312acd7364bac884d557
├── [9.4K]  exp.html
├── [ 279]  main.html
└── [ 767]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!