About "Chrome Issue 992914" and "CVE-2019-13720/13721"

  • About "Chrome Issue 992914" and "CVE-2019-13720/13721"

    I'm studying "Chrome Issue 992914". I rested a bit after the project was over. And I'm starting to study again.
    If I don't continue studying now, I will lose my sense of hacking again.
    My study method is a little different. I'm using a study method to convert 64-bit exploits to 32-bit.
    Because this study can deepen my understanding of the exploit code.
    I don't have fun learning how to follow others' ways without purpose.
    So I am adopting this study method.

    The most recently completed project looks like this.

    - "Virtually Unlimited Memory: Escaping the Chrome Sandbox" with "CVE-2019-5782"

    - "CVE-2019-5782"
    https://github.com/vngkv123/aSiagami...d-%20-ENG-.pdf
    I have failed to convert the "CVE-2019-5782" vulnerability to 32-bit. There was not enough time given to me.

    - "Virtually Unlimited Memory: Escaping the Chrome Sandbox"
    https://googleprojectzero.blogspot.c...-escaping.html
    A few months ago I converted a "Virtually Unlimited Memory: Escaping the Chrome Sandbox" vulnerability to Android Chrome Browser.
    I removed "CVE-2019-5782" and used "CVE-2019-5825".

    The "CVE-2019-5825" vulnerability has been modified to 32-bit based on what is described on the exodusintel.com site.

    - "CVE-2019-5825"
    https://blog.exodusintel.com/2019/04...f-opportunity/
    I've converted "CVE-2019-5825" with "Virtually Unlimited Memory: Escaping the Chrome Sandbox" vulnerability to 32-bit to make it work successfully on Android Chrome Browser.

    Since the result is a paid project, detailed technical details cannot be disclosed.
    I have worked on this kind of project for many years. And I learned how to study more efficiently.
    The best way is to convert to 32-bit. At first thought, it seemed very simple, but it was not simple.
    In the process I learned a lot as a by-product.
    So I recommend this method to other hackers who want to start studying browser hacking.

    The project is over, but for my personal study I am going to study the following CVEs again.
    When I finish my study, I can post an article.

    Latest interesting vulnerability

    https://chromereleases.googleblog.co...esktop_31.html
    https://securelist.com/chrome-0-day-...rdopium/94866/

    Another vulnerability in some lower Chrome versions.

    Recently interesting vulnerabilities

    https://blog.exodusintel.com
    https://github.com/exodusintel/Chrom.../chrome_992914