Exploiting Chrome V8: Krautflare (35C3 CTF 2018) · Jay Bosamiya

doar-e.github.io Nov 17, 2020

0 inbound links en exploitation chromev8turbofanexploitationreverse-engineeringkernel poolms10-058tcpip.sys

Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan

Jack Hacks Jack Halon Nov 16, 2022

In my previous post “Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals”, we took our first deep dive into the world of browser exploitation by covering a few complex topics that were necessary for fundamental knowledge. We mainly covered topics on how JavaScript and V8 worked under the hood by exploring what objects, maps and shapes were, how these objects were structured in memory, and we also covered some basic memory optimizations such as pointer tagging and pointer compression. We also touched on the compiler pipeline, bytecode interpreter, and code optimizations.

2 inbound links article en

Introduction to TurboFan

doar-e.github.io Jan 28, 2019

3 inbound links en exploitation v8turbofanexploitation

Diary of a reverse-engineer

doar-e.github.io May 5, 2023

0 inbound links en exploitationmiscreverse-engineering Pwn2Own MiamiPwn2Own 2022ICSParacosmeICONICSICONICS Genesis64Genesis640-click remote code executionCVE-2022-33318ZDI-22-1041ICSA-22-202-04GenBroker64.exeexploitationmemory-corruptionPwn2Own AustinprinterscanonMF644CdwImageCLASSCVE-2022-24674ZDI-22-516Pwn2OwnroutersTP-LinkArcher C7TP-Link Archer C7 V5Zenithremote kernelNetUSBCVE-2022-24354IDAbug-bountysnapshot fuzzingkvmwinhvwhvbochsfuzzingbochscputcpip.sysCVE-2021-24086Ipv6pReassembleDatagramfragmentationrecursive-fragmentationchromev8turbofanionionmonkeyspidermonkeyfirefoxblazefoxwindowsttd

Circumventing Chrome's hardening of typer bugs

doar-e.github.io May 9, 2019

3 inbound links en exploitation v8turbofanchromeexploitation