Showing 1 - 25 of 35

Files

Chrome Web Browser Decoder
Posted Dec 29, 2012
Authored by Kevin Devine

Chrome web browser decoder tool that demonstrates recovering passwords.

tags | tool, web
SHA-256 | 66d28558bf59fb4ed56c20e07d16601110120d4096f33f8d5a6591e5cef2732c

Related Files

Chrome 121 Javascript Fork Malloc Bomb
Posted Jan 29, 2024
Authored by Georgi Guninski

Chrome version 121 suffers from a JavaScript fork malloc vulnerability that indicates memory corruption upon crash.

tags | exploit, denial of service, javascript
SHA-256 | c5fe58fff9338fa2b857b94610a42def7f40d9f7d58140b30fcf25e66b5a7686
Google Chrome 115.0.5790.102 Memory Corruption
Posted Jul 25, 2023
Authored by Jean Pereira

Google Chrome version 115.0.5790.102 WebGPU use-after-free memory corruption proof of concept exploit.

tags | exploit, proof of concept
SHA-256 | 8d8a37ec6a9723c095e854941ee699a99d052bf1885ef10eb39b13deb719ce3d
Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution
Posted May 3, 2021
Authored by Niklas Baumstark, Grant Willcox, Rajvardhan Agarwal, Bruno Keith | Site metasploit.com

This Metasploit module exploits an issue in the V8 engine on x86_x64 builds of Google Chrome versions prior to 89.0.4389.128/90.0.4430.72 when handling XOR operations in JIT'd JavaScript code. Successful exploitation allows an attacker to execute arbitrary code within the context of the V8 process. As the V8 process is normally sandboxed in the default configuration of Google Chrome, the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, arbitrary, javascript
advisories | CVE-2021-21220
SHA-256 | 021951718048ffe0b71a7648ba64e0929b63f860f2b0a3b5424af17523e26274
Google Chrome SimplifiedLowering Integer Overflow
Posted Apr 9, 2021
Authored by Rajvardhan Agarwal | Site metasploit.com

This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 (64 bit). The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1. This is abused to gain arbitrary read/write into the isolate region. Then an ArrayBuffer can be used to achieve absolute arbitrary read/write. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, overflow, arbitrary, shellcode
advisories | CVE-2020-16040
SHA-256 | a2c2e0bb6afa9428a1723f49c6bd0ba43ef8b68bb81b7b27053a5cae99795839
Chrome Browser FileReader Use-After-Free
Posted Mar 3, 2021
Authored by Akshay Sharma

This whitepaper goes into detail on how to leverage a Chrome Browser use-after-free vulnerability in FileReader with Metasploit.

tags | paper
advisories | CVE-2019-5786
SHA-256 | 426daf836d595f934234e05cd94b8dc830e5e8415fdebf4f297113f87753387c
Google Chrome 72 / 73 Array.map Corruption
Posted Mar 5, 2020
Authored by timwr, Istvan Kurucsai, dmxcsnsbh | Site metasploit.com

This Metasploit module exploits an issue in Chrome version 73.0.3683.86 (64 bit). The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, arbitrary
advisories | CVE-2019-5825
SHA-256 | 52e7894b7c0f12d602e2b66b2ab86b9e0c4591cd171e7e1ab5ee86c354cbe687
Google Chrome 67 / 68 / 69 Object.create Type Confusion
Posted Mar 5, 2020
Authored by saelo, timwr | Site metasploit.com

This Metasploit module exploits a type confusion in Google Chrome's JIT compiler. The Object.create operation can be used to cause a type confusion between a PropertyArray and a NameDictionary. The payload is executed within the rwx region of the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work.

tags | exploit
advisories | CVE-2018-17463
SHA-256 | 5a38c9abffbaf08c049cb1b58519cd4edf1737251883302e32656d4b4f6eadc6
Google Chrome 80 JSCreate Side-Effect Type Confusion
Posted Mar 5, 2020
Authored by Clement LECIGNE, timwr, Istvan Kurucsai, Vignesh S Rao | Site metasploit.com

This Metasploit module exploits an issue in Google Chrome version 80.0.3987.87 (64 bit). The exploit corrupts the length of a float array (float_rel), which can then be used for out of bounds read and write on adjacent memory. The relative read and write is then used to modify a UInt64Array (uint64_aarw), which is used for reading from and writing to absolute memory. The exploit then uses WebAssembly in order to allocate a region of RWX memory, which is then replaced with the payload shellcode. The payload is executed within the sandboxed renderer process, so the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, shellcode
advisories | CVE-2020-6418
SHA-256 | a5ee5e57a9ca7e2030588e33fb91d4f11725ab4661382274202790f8a15b4fc7
Chrome 72.0.3626.119 FileReader Use-After-Free
Posted May 8, 2019
Authored by Clement LECIGNE, timwr, Istvan Kurucsai | Site metasploit.com

This exploit takes advantage of a use after free vulnerability in Google Chrome 72.0.3626.119 running on Windows 7 x86. The FileReader.readAsArrayBuffer function can return multiple references to the same ArrayBuffer object, which can be freed and overwritten with sprayed objects. The dangling ArrayBuffer reference can be used to access the sprayed objects, allowing arbitrary memory access from JavaScript. This is used to write and execute shellcode in a WebAssembly object. The shellcode is executed within the Chrome sandbox, so you must explicitly disable the sandbox for the payload to be successful.

tags | exploit, arbitrary, x86, javascript, shellcode
systems | windows
advisories | CVE-2019-5786
SHA-256 | 60039dc761905e4a2ed93286404ec19777dfd73ef434ef8a80431ab28e2ebbc1
Chrome HTTP 1xx Out Of Bounds Read
Posted Dec 19, 2016
Authored by SkyLined

Chrome suffers from an HTTP 1xx base::StringTokenizerT<...>::QuickGetNext out of bounds read vulnerability.

tags | exploit, web
advisories | CVE-2013-6627
SHA-256 | 1e98ef1c15cfbb5403ae431bbabeb470f15d7ef4d514ed6d6a693821d7b957b6
Chrome Blink SpeechRecognitionController Use-After-Free
Posted Nov 23, 2016
Authored by SkyLined

A specially crafted web-page can cause the blink rendering engine used by Google Chrome and Chromium to continue to use a speech recognition API object after the memory block that contained the object has been freed. An attacker can force the code to read a pointer from the freed memory and use this to call a function, allowing arbitrary code execution. Google Chrome version 39.0 is affected.

tags | exploit, web, arbitrary, code execution
advisories | CVE-2015-1251
SHA-256 | 55331823f8dfff200255c77a7bbd5aa302935b3af6f4e3f1ef14fc56b9da6164
Google Chrome DLL Hijack
Posted Dec 11, 2015
Authored by Stefan Kanthak

Google Chrome's executable installers suffer from a DLL hijacking vulnerability.

tags | exploit
systems | windows
SHA-256 | 224bde92e1c40f51d2ba4b1e631e936dfa88b0fa7bd117702757729ad0205941
Chrome ui::AXTree::Unserialize Use-After-Free
Posted Jul 18, 2015
Authored by SkyLined

Chrome suffers from a ui::AXTree::Unserialize related use-after-free vulnerability.

tags | exploit
SHA-256 | c401c178ffecc2c543e0506717b170b45cb01c6106506bf7304ac67f0c08bfb4
Google Chrome 43.0.2357.124 XSS Filter Bypass
Posted Jun 24, 2015
Authored by Yosi Ovadia

Google Chrome version 43.0.2357.124 suffers from a cross site scripting filter bypass vulnerability.

tags | exploit, xss, bypass
SHA-256 | 76a2fa134b093b8a4f3a4737dc9c2d7dfa87c9cbf70ffc89e1d6d4da91024f1d
Chrome EXIF Viewer 2.4.2 Cross Site Scripting
Posted Jul 31, 2014
Authored by Fady Mohamed Osman

Chrome EXIF Viewer plugin version 2.4.2 suffers from a cross site scripting vulnerability.

tags | exploit, xss
systems | linux
SHA-256 | c644383ea97849908e0131845cba66ddbf35234494ffc174a6062b9d9ba9160a
ChromeFreak Forensic Tool
Posted May 1, 2014
Authored by Osanda Malith

ChromeFreak is a Python script that lets you look at history, downloads, bookmarks, and cookies for a given Chrome client.

tags | tool, python, forensics
SHA-256 | 04ef8fca4c69d704bdadc41914416652c14a94a72450dca294bcd9fe0180976d
Google Chrome 31.0 Webkit Auditor Bypass
Posted Sep 24, 2013
Authored by Rafay Baloch, PEPE Vila

Google Chrome version 31.0 suffers from an auditor bypass that allows for cross site scripting attacks to successfully get through.

tags | exploit, xss, bypass
SHA-256 | ba730e1d9e5dba89adb7eb72d4c901489959c46cdbb4688cc1c4ada164dbfbf6
Google Chrome 25.0.1364.152 HTTP Referer Header Faking
Posted Jul 8, 2013
Authored by Liad Mizrachi

Google Chrome version 25.0.1364.152 suffers from an XMLHttpRequest HTTP Referer Header faking vulnerability.

tags | exploit, web
SHA-256 | b637b280b79f7030e948538de6695ffcde18a45fea4e3bb46f714e32896ebea4
Google Chrome 21.0.1180.57 NULL Pointer
Posted Mar 14, 2013
Authored by Heyder Andrade

Google Chrome versions 21.0.1180.57 and below suffer from a NULL pointer vulnerability in InspectDataSource::StartDataRequest.

tags | exploit
SHA-256 | 922f2c1e74a32dc38ee0d67c6334a31517da282683a2f06192b0fea1c6e5da62
Chrome 18 Anti-XSS Bypass
Posted Jun 2, 2012
Authored by Keith Makan

Chrome 18 suffers from an anti-cross site scripting filter bypass vulnerability.

tags | exploit, xss, bypass
SHA-256 | 1a04320110c70fb68d3701680cb02f2d67e96726a3c9acb59bc2023389354ab8
Chrome Web Solutions SQL Injection
Posted Jul 27, 2011
Authored by Ehsan_Hp200

Chrome Web Solutions suffers from multiple remote SQL injection vulnerabilities.

tags | exploit, remote, web, vulnerability, sql injection
SHA-256 | ab546c65b6b94292215917956d607c8bc1fd250ded586cf97824fc168dd9f86d
ChromeMedia SQL Injection
Posted May 24, 2011
Authored by Kalashinkov3

ChromeMedia suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 01493938394e0b17f9e89ff245a6bfa7e5bcfbd008998c2a913637a23baa26aa
Google Chrome 10.0.648.205 Stack Overflow
Posted Apr 18, 2011
Authored by C4SS!0 G0M3S

Google Chrome version 10.0.648.205 stack exhaustion exploit.

tags | exploit
SHA-256 | 82d6dc22eadb26bdd8279068c3bbf816cda86c79a4185c6e44c2d3edaa340479
Google Chrome Arbitrary Extensions Detection
Posted Sep 8, 2010
Authored by Lostmon | Site lostmon.blogspot.com

Google Chrome suffers from an installed extensions arbitrary detection vulnerability.

tags | exploit, arbitrary
SHA-256 | 52da5016877181aca474a508679782a3b2ff97357ecd8b355f349ada96f2d008
Google Chrome Stack Exhaustion
Posted Apr 29, 2010
Authored by Jelmer de Hen | Site h.ackack.net

Chrome acronym tag denial of service exploit.

tags | exploit, denial of service
SHA-256 | 2b4afe1e8023a5f2f79d7359cdf7dbc99a736c6d256da5fe974909c893437011