exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 25 of 56 RSS Feed

Files from Mark Brand

Email addressmarkbrand at google.com
First Active2015-03-18
Last Active2024-02-28
Telegram For Android Connection::onReceivedData Use-After-Free
Posted Feb 28, 2024
Authored by Google Security Research, Mark Brand

In the tgnet library used in Telegram messenger for Android, there is a use-after-free vulnerability in Connection::onReceivedData that can be triggered remotely.

tags | exploit
SHA-256 | bca6a67a76c752f1ecdcd8907312e1eb9daa4808f56fcf845f91420c4d98f5d4
Chrome BindTextSuggestionHostForFrame Type Confusion
Posted Jan 3, 2024
Authored by Google Security Research, Mark Brand

Chrome suffers from a type confusion vulnerability in BindTextSuggestionHostForFrame.

tags | exploit
advisories | CVE-2023-6348
SHA-256 | 1e0d6c4d28506761410dab47785b5675017ec524a79f43e93784caf59927dfba
Chrome SKIA Integer Overflow
Posted Oct 5, 2023
Authored by Google Security Research, Mark Brand

When deserializing an SkPath, there is some basic validation performed to ensure that the contents are consistent. This validation does not use safe integer types, or perform additional validation, so it's possible for a large path to overflow the point count, resulting in an unsafe SkPath object.

tags | exploit, overflow
advisories | CVE-2023-4354
SHA-256 | 7e0793cb8767bd5e3e5ac3845bbfc7ec6d83d30f81733f1592b40df7805b3a2f
Chrome IPCZ FragmentDescriptors Missing Validation
Posted Aug 18, 2023
Authored by Google Security Research, Mark Brand

Chrome IPCZ FragmentDescriptors are not validated allowing for an out-of-bounds crash condition.

tags | exploit
advisories | CVE-2023-3732
SHA-256 | adc68a8b0a6ff50085071702ac5d18e4499b667b8b192dadf209cd4cf9ae81ee
Chrome Mojo Message Validation Bypass
Posted Jul 2, 2023
Authored by Google Security Research, Mark Brand

During a Mojo IPC method call, there are multiple stages of validation and deserialization that take place. These assume that the contents of the message cannot be modified during the deserialization process, but the new core_ipcz implementation returns message contents directly in shared memory.

tags | exploit
advisories | CVE-2023-2934
SHA-256 | 572a756cadc51b22a907293f84e2b304799a3abe0592f9635a0caac2967f8acd
Chrome SpvGetMappedSamplerName Out-Of-Bounds String Copy
Posted Apr 21, 2023
Authored by Google Security Research, Mark Brand

Chrome has an issue where there is an out-of-bounds string copy that can occur when parsing a uniform sampler name in SpvGetMappedSamplerName.

tags | exploit
advisories | CVE-2023-1534
SHA-256 | 6d914ad5ce8a9613e3083a3bd37687308877fb722821402fb41c97094ed4c0e7
Chrome GL_ShaderBinary Untrusted Process Exposure
Posted Apr 21, 2023
Authored by Google Security Research, Mark Brand

Chrome has an issue where the GL_ShaderBinary is exposed to untrusted processes.

tags | exploit
advisories | CVE-2023-1534
SHA-256 | aaac59d091c9d8a436590663b90c29e1fe3765edf9f601ab76805baa4e39f431
Chrome media::mojom::VideoFrame Missing Validation
Posted Apr 21, 2023
Authored by Google Security Research, Mark Brand

Chrome suffers from an issue where the traits for media::mojom::VideoFrame do not perform any validation on the stride and offset parameters when deserializing untrusted message data.

tags | exploit
advisories | CVE-2023-1532
SHA-256 | eef4ad83a3864cabde0b440774e63637f5458711c23fa69aeeee0b48adefd113
Chrome WebGL Uniform Integer Overflows
Posted Aug 4, 2022
Authored by Google Security Research, Mark Brand

The WebGL implementation for setting uniform values with an ArrayBuffer argument do not properly handle large buffer sizes. As WASM now allows allocating large ArrayBuffers, this can lead to buffer overflows when writing to the GPU command buffer.

tags | exploit, overflow
advisories | CVE-2022-2415
SHA-256 | 0bdf6d06a281ed2823e5f46ea472615509e7f1f676d5bd3238d8cfd3b783d262
Chrome Scope Break
Posted Jul 21, 2022
Authored by Google Security Research, Mark Brand

Chrome has an issue where raw_ptr broke implicit scoped_refptr for receivers in base::Bind.

tags | exploit
advisories | CVE-2022-2156
SHA-256 | 608734695dfbbf56d37a25c6b0e92ec571e720ac20c50496dd9608c3ee36b587
Chrome PaintImage Deserialization Out-Of-Bounds Read
Posted Jul 11, 2022
Authored by Google Security Research, Mark Brand

The code in cc::PaintImageReader::Read (cc::PaintImage*) does not properly check the incoming data when handling embedded image data, resulting in an out-of-bounds copy into the filter bitmap data.

tags | exploit
advisories | CVE-2022-2010
SHA-256 | 3442a632be9dec3260619421059a97062f1e5b5331769ad612a11a97ecf3ec9b
Chrome WebGPUDecoderImpl::DoRequestDevice Missing Bounds Check
Posted Jun 20, 2022
Authored by Google Security Research, Mark Brand

Chrome suffers from a missing bounds check in WebGPUDecoderImpl::DoRequestDevice.

tags | exploit
advisories | CVE-2022-1483
SHA-256 | ef3fbfbf0d934cc45efe08abfdf55bd55ba171f52a654e23e476c7b46f1b6cca
Chrome storage::BlobBuilderFromStream Uninitializaed On-Stack Pointer
Posted Feb 7, 2022
Authored by Google Security Research, Mark Brand

Chrome suffers from making use of an uninitialized on-stack pointer in storage::BlobBuilderFromStream.

tags | exploit
advisories | CVE-2022-0115
SHA-256 | 7508021fc3ad459f9d4a21d3d34a8201df4467cbbf9015fe49fb42a0ad822203
Chrome SandboxedUnpacker Unsafe Shared Memory Use
Posted Jun 14, 2021
Authored by Google Security Research, Mark Brand

SandboxedUnpacker in Chrome uses shared memory in an unsafe fashion.

tags | advisory
SHA-256 | bc91dd004d418d7fd6b56285f99323944f8802e8dd4b5215b649c990046ed88a
Chrome Legacy ipc::Message Passed Via Shared Memory
Posted Jun 4, 2021
Authored by Google Security Research, Mark Brand

Looking at the Mojo implementation of Chrome's legacy IPC, the legacy ipc::Message type is transferred inside a BigBuffer.

tags | exploit
advisories | CVE-2021-21198
SHA-256 | f543ac8b2cefa9c2b0092803dc79ebe3d0ccba182ed6661ceb724163521a8580
Chrome DataElement Out-Of-Bounds Read
Posted Feb 26, 2021
Authored by Google Security Research, Mark Brand

Chrome suffers from an out-of-bounds read vulnerability in network DataElement struct traits.

tags | exploit
advisories | CVE-2020-16041
SHA-256 | 73bdb3c2018e4f00483c57023d4ad271b24afb3c0d0373d8371a68762c872680
Chrome IndexedDBConnection::Close Use-After-Free
Posted Sep 25, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability due to a double call to IndexedDBConnection::Close.

tags | exploit
SHA-256 | 224d81c1e2768b3a4b05adfeb30a609ac48d837bde76d9cc912b62b3f06e8733
Chrome ~LevelDBIteratorImpl Use-After-Free
Posted Sep 25, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in ~LevelDBIteratorImpl.

tags | exploit
SHA-256 | 422a3b74a14e37e109fac59aed3661fc56ae4c327305a6990330758d6c77737f
Chrome FileChooserImpl Use-After-Free
Posted Apr 10, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileChooserImpl.

tags | exploit
SHA-256 | 0ecbde145d35a4fdef837ba560c9160db3335f5c84f0365d90e9552d8eb3e971
Chrome StoragePartitionService Double-Destruction Race
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback() from the same BindingSet, which results in a data race destroying the same BindingState.

tags | exploit, root
advisories | CVE-2019-5797
SHA-256 | e74b2b8256d75d7a1f9c0936ff14ed0a0b8cf12cea0653834d4403581f08f4b0
Chrome MidiManagerWin Use-After-Free
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in MidiManagerWin.

tags | exploit
advisories | CVE-2019-5789
SHA-256 | 5561abfbf792852e4be2a5a6f9908418ba3bb61c352292347a907340f971abf6
Chrome FileSystemOperationRunner Use-After-Free
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.

tags | exploit
advisories | CVE-2019-5788
SHA-256 | 175e33f2fe84321b31ba9922dcb3c0c36eff272a29a2b1a39380be7b60162958
Chrome ExtensionsGuestViewMessageFilter Data Race
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.

tags | exploit
advisories | CVE-2019-5796
SHA-256 | 153cc2f98cfe6458909e177b32d616e5357adc7532ae04962d456870e9b99131
Chrome PaymentRequest Service Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from multiple use-after-free vulnerabilities in the PaymentRequest service.

tags | exploit, vulnerability
SHA-256 | fb9baf689c47875cf56ed6918386a270499142ea5e915be52d8936b09ba2adbb
Chrome FileWriterImpl Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileWriterImpl.

tags | exploit
SHA-256 | 2dd17dbd1895915d6546d52f25a07461fc335eb44dcded0bf7d33720916ebe5c
Page 1 of 3
Back123Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close