diff --git a/SecurityExploits/Chrome/v8/CVE_2024_5830/README.md b/SecurityExploits/Chrome/v8/CVE_2024_5830/README.md new file mode 100644 index 0000000..c4886cc --- /dev/null +++ b/SecurityExploits/Chrome/v8/CVE_2024_5830/README.md @@ -0,0 +1,21 @@ +## V8 type confusion CVE-2024-5830 + +The analysis of this bug can be found [here](https://github.blog/2024-08-13-from-object-transition-to-rce-in-the-chrome-renderer). + +The exploit here is tested on the official build of Chrome version 125.0.6422.112, on Ubuntu 22.04. The following build config was used to build Chromium: + +``` +is_debug = false +symbol_level = 1 +blink_symbol_level = 1 +dcheck_always_on = false +is_official_build = true +chrome_pgo_phase = 0 +v8_symbol_level = 1 +``` + +If successful, on Ubuntu 22.04, it should call launch `xcalc` when `calc.html` is opened in Chrome. + +Shell code and some addresses may need changing on other platforms. + + diff --git a/SecurityExploits/Chrome/v8/CVE_2024_5830/calc.html b/SecurityExploits/Chrome/v8/CVE_2024_5830/calc.html new file mode 100644 index 0000000..6370e6d --- /dev/null +++ b/SecurityExploits/Chrome/v8/CVE_2024_5830/calc.html @@ -0,0 +1,197 @@ + +
+ + +
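Review bot: in the README hunk, the sentence "it should call launch `xcalc` when `calc.html` is opened in Chrome" has a stray verb; suggest "it should launch `xcalc` when `calc.html` is opened in Chrome". The same hunk closes with "Shell code and some addresses may need changing on other platforms" but does not say which addresses are involved or where in `calc.html` they are set, so a reader on a different build cannot tell what to adjust; a short list of those values (or the names of the variables that hold them) next to the tested build (Chrome 125.0.6422.112, Ubuntu 22.04) and the quoted build config would make the caveat actionable. The fenced build-config block in the README is also untagged; tagging it (for example as `gn`) would make the file format explicit.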