CVE-2021-30632 PoC — Google Chrome 缓冲区错误漏洞

Source

https://github.com/CrackerCat/CVE-2021-30632

Associated Vulnerability

Title:Google Chrome 缓冲区错误漏洞 (CVE-2021-30632)
Description:Google Chrome是美国谷歌（Google）公司的一款Web浏览器。V8是其中的一套开源JavaScript引擎。 Google Chrome 93.0.4577.82之前版本存在缓冲区错误漏洞，该漏洞源于存在越界写入问题。攻击者利用该漏洞通过特制的 HTML 页面导致堆损坏。

Readme

# CVE-2021-30632 Chrome V8 RCE Exploit for Windows

### Tested Version : Chrome 91, 92, 93.0.4577.63

### Demo
![Demo](demo.gif)

### [reference]
* Chrome in-the-wild bug analysis: CVE-2021-30632 https://securitylab.github.com/research/in_the_wild_chrome_cve_2021_30632/
* JS POC sample https://github.com/github/securitylab/blob/main/SecurityExploits/Chrome/v8/CVE-2021-30623/poc.js

#### Thanks to Github Security Lab and Man Yue Mo

File Snapshot


 [4.0K]  /data/pocs/58eca1e6f2688652ae8b49be6a6fbeb682a6b388
├── [5.0K]  CVE-2021-30632.html
├── [9.4M]  demo.gif
└── [ 435]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!