Last Week in Security (LWiS) - 2024-07-01
Chrome RCE (@mmolgtm), Windows LPE (@carrot_c4k3 + @tykawaii98), Xerox RCEs+LPE (@_mohemiv), and more!
Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties
github.blogIn this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.