CVE-2025-6554 PoC — Google Chrome 安全漏洞

Source

Associated Vulnerability

Readme

# CVE-2025-6554

## Reproducing the Vulnerability
```setup
for macOS:
brew intsall ninja

git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git
export PATH=/path/to/depot_tools:$PATH

fetch v8
cd v8
git checkout e5b4c78b54e8b033b2701db3df0bf67d3030e4c1
git revert 069790710f28b00ff8d7b4c665eef6b4eb8768f6 -n
gclient sync -D
sh v8asan.sh
autoninja -C out/arm64.asan d8
ASAN_OPTIONS=detect_leaks=1:halt_on_error=0 ./d8 --allow-natives-syntax --trace-opt --trace-deopt poc-CVE-2025-6554.js

for linux:
apt-get update && apt-get install -y git python3 g++ make gdb wget curl

git clone https://chromium.googlesource.com/chromium/tools/depot_tools.git
export PATH="/root/depot_tools:${PATH}"

mkdir -p /root/v8_build_sandbox
cd /root/v8_build_sandbox
fetch v8
cd v8
git checkout e5b4c78b54e8b033b2701db3df0bf67d3030e4c1
git revert 069790710f28b00ff8d7b4c665eef6b4eb8768f6 -n
gclient sync -D
tools/dev/v8gen.py x64.debug.asan
ninja -C out.gn/x64.debug.asan d8
mkdir -p /root/v8_tests
ASAN_OPTIONS=detect_leaks=1:halt_on_error=0 /root/v8_build_sandbox/v8/out.gn/x64.debug.asan/d8 --allow-natives-syntax --trace-opt --trace-deopt /root/v8_tests/poc-CVE-2025-6554.js
```

File Snapshot

 [4.0K]  /data/pocs/b477ee02eee3ef344d1ceddf49f32bdf01c71582
├── [3.5K]  poc-CVE-2025-6554.js
├── [1.2K]  README.md
└── [ 348]  v8asan.sh

0 directories, 3 files

Remarks