Showing 1 - 25 of 44

Files from Mark Brand

Email address: markbrand at google.com
First Active: 2015-03-18
Last Active: 2022-02-07
Chrome storage::BlobBuilderFromStream Uninitialized On-Stack Pointer
Posted Feb 7, 2022
Authored by Google Security Research, Mark Brand

Chrome suffers from making use of an uninitialized on-stack pointer in storage::BlobBuilderFromStream.

tags | exploit
advisories | CVE-2022-0115
SHA-256 | 7508021fc3ad459f9d4a21d3d34a8201df4467cbbf9015fe49fb42a0ad822203
Chrome SandboxedUnpacker Unsafe Shared Memory Use
Posted Jun 14, 2021
Authored by Google Security Research, Mark Brand

SandboxedUnpacker in Chrome uses shared memory in an unsafe fashion.

tags | advisory
SHA-256 | bc91dd004d418d7fd6b56285f99323944f8802e8dd4b5215b649c990046ed88a
Chrome Legacy ipc::Message Passed Via Shared Memory
Posted Jun 4, 2021
Authored by Google Security Research, Mark Brand

Looking at the Mojo implementation of Chrome's legacy IPC, the legacy ipc::Message type is transferred inside a BigBuffer.

tags | exploit
advisories | CVE-2021-21198
SHA-256 | f543ac8b2cefa9c2b0092803dc79ebe3d0ccba182ed6661ceb724163521a8580
Chrome DataElement Out-Of-Bounds Read
Posted Feb 26, 2021
Authored by Google Security Research, Mark Brand

Chrome suffers from an out-of-bounds read vulnerability in network DataElement struct traits.

tags | exploit
advisories | CVE-2020-16041
SHA-256 | 73bdb3c2018e4f00483c57023d4ad271b24afb3c0d0373d8371a68762c872680
Chrome IndexedDBConnection::Close Use-After-Free
Posted Sep 25, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability due to a double call to IndexedDBConnection::Close.

tags | exploit
SHA-256 | 224d81c1e2768b3a4b05adfeb30a609ac48d837bde76d9cc912b62b3f06e8733
Chrome ~LevelDBIteratorImpl Use-After-Free
Posted Sep 25, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in ~LevelDBIteratorImpl.

tags | exploit
SHA-256 | 422a3b74a14e37e109fac59aed3661fc56ae4c327305a6990330758d6c77737f
Chrome FileChooserImpl Use-After-Free
Posted Apr 10, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileChooserImpl.

tags | exploit
SHA-256 | 0ecbde145d35a4fdef837ba560c9160db3335f5c84f0365d90e9552d8eb3e971
Chrome StoragePartitionService Double-Destruction Race
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback() from the same BindingSet, which results in a data race destroying the same BindingState.

tags | exploit, root
advisories | CVE-2019-5797
SHA-256 | e74b2b8256d75d7a1f9c0936ff14ed0a0b8cf12cea0653834d4403581f08f4b0
Chrome MidiManagerWin Use-After-Free
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in MidiManagerWin.

tags | exploit
advisories | CVE-2019-5789
SHA-256 | 5561abfbf792852e4be2a5a6f9908418ba3bb61c352292347a907340f971abf6
Chrome FileSystemOperationRunner Use-After-Free
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.

tags | exploit
advisories | CVE-2019-5788
SHA-256 | 175e33f2fe84321b31ba9922dcb3c0c36eff272a29a2b1a39380be7b60162958
Chrome ExtensionsGuestViewMessageFilter Data Race
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.

tags | exploit
advisories | CVE-2019-5796
SHA-256 | 153cc2f98cfe6458909e177b32d616e5357adc7532ae04962d456870e9b99131
Chrome PaymentRequest Service Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from multiple use-after-free vulnerabilities in the PaymentRequest service.

tags | exploit, vulnerability
SHA-256 | fb9baf689c47875cf56ed6918386a270499142ea5e915be52d8936b09ba2adbb
Chrome FileWriterImpl Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileWriterImpl.

tags | exploit
SHA-256 | 2dd17dbd1895915d6546d52f25a07461fc335eb44dcded0bf7d33720916ebe5c
Chrome P2PSocketDispatcherHost Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in the RenderProcessHostImpl binding for P2PSocketDispatcherHost.

tags | exploit
SHA-256 | 11fb3cadf252944e7b29e9069845929d7d4986f025488c7c0c80f5dc9b88bb27
Chrome RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in RenderFrameHostImpl::CreateMediaStreamDispatcherHost.

tags | exploit
SHA-256 | fb031633c01be0530ba93f915787ad97df1516fb4d5cc8dcbb8d0b436e7ca99a
Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation
Posted Oct 18, 2018
Authored by Google Security Research, Mark Brand

Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.

tags | advisory
advisories | CVE-2018-16068
SHA-256 | d1c10f2bf9feaa3822d838795ee22e210b6fbe031a801f2821a9365aceb1fd14
Chrome SwiftShader Blitting Floating-Point Precision Errors
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from floating-point precision errors in SwiftShader blitting.

tags | exploit
SHA-256 | 55329bd2920eaa9d39110322696bef158e0b340f65c27b63cceed9585601bc64
Chrome SwiftShader OpenGL Texture Binding Reference Count Leak
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.

tags | exploit
SHA-256 | 04d325a817231ab9f0764272b559378b2d3fe10f9b33e17341521360cd5f6b9e
Chrome SwiftShader Texture Allocation Integer Overflow
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from an integer overflow vulnerability in SwiftShader texture allocation.

tags | exploit, overflow
SHA-256 | 6587e8951f4e79c87ecd7b6a16fa91a40d27b5f94453f1ea87b0a9789512a6be
Chrome V8 Object Allocation Size Integer Overflow
Posted May 4, 2018
Authored by Google Security Research, Mark Brand

Chrome V8 suffers from an integer overflow vulnerability in object allocation size.

tags | exploit, overflow
advisories | CVE-2018-6065
SHA-256 | ff8f6ea3f286a12d25b238442f6fc1ab337a443b0622cd2b2f518a85f646b577
Pdfium Shading Pattern Out-Of-Bounds Read
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from an out-of-bounds read vulnerability with shading pattern backed by pattern colorspace.

tags | exploit
SHA-256 | 02680f03b5081f40044a2e4ca25561b68960dcd1b645e45aa7c8482ac2740d08
Pdfium Pattern Shading Integer Overflow
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from integer overflow vulnerabilities in pattern shading.

tags | exploit, overflow, vulnerability
SHA-256 | 4d935fa943fbc44b9937952cadde9af1947020b1ac363f12570b622bf6f56911
Pdfium Colorspaces Out-Of-Bounds Read
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from an out-of-bounds read vulnerability with nested colorspaces.

tags | advisory
SHA-256 | 12f03767c9d43e8a501e1d3a1b41c4dd55373be4fd2eac5418f3d65528b4290b
LG ASFParser::SetMetaData Stack Overflow
Posted Jun 30, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple stack overflows in ASFParser::SetMetaData.

tags | exploit, overflow
SHA-256 | ea05f7a62253726acc0eb18d46ed9849a18b0dea1654d3211310564f7f79f2fe
LG ASFParser::ParseHeaderExtensionObjects Missing Bounds Check
Posted Jun 13, 2017
Authored by Google Security Research, Mark Brand

LG has a memcpy in ASFParser::ParseHeaderExtensionObjects that does not check that the size of the copy is smaller than the size of the source buffer, resulting in an out-of-bounds heap read.

tags | exploit
SHA-256 | f690404919f0a56a0dd98b93cd9b75a9a17ac070cdca41f9c04a645106020710
© 2022 Packet Storm. All rights reserved.
