CVE-2021-30632 PoC — Google Chrome 缓冲区错误漏洞

Source

https://github.com/Phuong39/PoC-CVE-2021-30632

Associated Vulnerability

Title:Google Chrome 缓冲区错误漏洞 (CVE-2021-30632)
Description:Google Chrome是美国谷歌（Google）公司的一款Web浏览器。V8是其中的一套开源JavaScript引擎。 Google Chrome 93.0.4577.82之前版本存在缓冲区错误漏洞，该漏洞源于存在越界写入问题。攻击者利用该漏洞通过特制的 HTML 页面导致堆损坏。

Description

PoC CVE-2021-30632 - Out of bounds write in V8

Readme

# PoC-CVE-2021-30632
PoC CVE-2021-30632 - Out of bounds write in V8


Tested against Samsung Internet Browser v15.0.2.47, which does not yet have Google's patch.

This bug is caused by the fact that global property "stores" for existing values with unstable maps are lacking a
stability code dependency in the affected versions.
It is exploitable because global property "loads" benefit from "CheckMaps" removal when a stability code dependency
is in place for their value's map.
The recipe for explotaition involves transitioning from an array of PACKED_SMI elements with a stable map to an array of
PACKED_DOUBLE elements and have multiple JITted functions that deal with each kind of array.
Type confusions between PACKED_SMI and PACKED_DOUBLE elements => Out of bounds R/W.

File Snapshot


 [4.0K]  /data/pocs/bc36fd3c64633c0a27fd1524c6334cb0f2704ecd
├── [5.0K]  poc.html
└── [ 778]  README.md

0 directories, 2 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!