CVE-2024-8198 PoC — Google Chrome 安全漏洞

Source

https://github.com/HyHy100/Chrome-Skia-CVE-2024-8198

Associated Vulnerability

Title:Google Chrome 安全漏洞 (CVE-2024-8198)
Description:Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome 128.0.6613.113之前版本存在安全漏洞。攻击者利用该漏洞通过特制的HTML页面导致堆损坏。

Description

  PoC for a Chrome integer overflow -> OOB write vulnerability I reported to Google in Skia.

Readme

Fixed in Chrome M128: https://chromereleases.googleblog.com/2024/08/stable-channel-update-for-desktop_28.html

Steps to reproduce:
1. Apply the `chromium.diff` patch to chromium.
2. Run `genskpic.py` to generate `drawable_picture.skp.hh`, then move the generated file to `src/gpu/command_buffer/client`.
3. Build and start the browser.
4. Open `index.html` to trigger PoC.
5. GPU process will crash.

File Snapshot


 [4.0K]  /data/pocs/7a393d2132214ea7c38dc4b347334e27eba86e36
├── [6.7K]  chromium.diff
├── [3.5K]  genskpic.py
├── [ 191]  index.html
└── [ 400]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!