CVE-2024-9954 PoC — Google Chrome 安全漏洞

Source

https://github.com/zetraxz/CVE-2024-9954

Associated Vulnerability

Title:Google Chrome 安全漏洞 (CVE-2024-9954)
Description:Google Chrome是美国谷歌（Google）公司的一款Web浏览器。 Google Chrome 130.0.6723.58之前版本存在安全漏洞，该漏洞源于存在释放后重用，允许远程攻击者通过精心设计的HTML页面潜在地利用堆损坏。

Readme

# CVE-2024-9954

## Overview
A use-after-free vulnerability in the AI component of Google Chrome versions prior to 130.0.6723.58.
Allows a remote attacker to exploit heap corruption through a crafted HTML page.

## Vulnerability Details

- **ID**: CVE-2024-9954
- **Severity**: High
- **Tags**: cve, cve2024, http, js, go, cve-2024-9953

## Exploit Desctiption

Exploit builds up a vulnerable HTTP2 Node.js server (server-nossl.js) based on CVE-2024-9954.


![image](https://github.com/user-attachments/assets/4370f4e3-f755-4c7a-8016-ce56a7bcefe3)

Notes:
  - ```client.js``` is a small client script to test the HTTP2 server.
  - ```exploit/``` contains the exploit code for the vulnerability.
  - ```server-nossl.js``` is vulnerable to the continuation flood attack.
    
## Requirement

Go, JavaScript, Dockerfile

  

### Private Sell Exploit(Only 2 hands):
[Download](https://ur0.jp/zqCBf)



Use this exploit in a controlled environment only.

For inquiries, please contact zetraxz@thesecure.biz

File Snapshot


 [4.0K]  /data/pocs/c35ca9f63e32e6fbab4f707dccaff8eb04b0aa7d
└── [1002]  README.md

0 directories, 1 file

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.

Goal Reached Thanks to every supporter — we hit 100%!