exploit the possibilities
Showing 1 - 25 of 38 RSS Feed

Files from Mark Brand

Email addressmarkbrand at google.com
First Active2015-03-18
Last Active2019-04-10
Chrome FileChooserImpl Use-After-Free
Posted Apr 10, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileChooserImpl.

tags | exploit
MD5 | 9482cae8e5970a7f1be1609209542324
Chrome StoragePartitionService Double-Destruction Race
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

There's a race condition in the destruction of the BindingState for bindings to the StoragePartitionService in Chrome. It looks like the root cause of the issue is that since we can get two concurrent calls to callbacks returned from mojo::BindingSet::GetBadMessageCallback() from the same BindingSet, which results in a data race destroying the same BindingState.

tags | exploit, root
advisories | CVE-2019-5797
MD5 | 93fdcc784fafeb9f017d38fdf6497ad4
Chrome MidiManagerWin Use-After-Free
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in MidiManagerWin.

tags | exploit
advisories | CVE-2019-5789
MD5 | dc0f159730c40da031c0642b88e832b2
Chrome FileSystemOperationRunner Use-After-Free
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileSystemOperationRunner.

tags | exploit
advisories | CVE-2019-5788
MD5 | 21b3aa46f914503f58e394a2ab04c463
Chrome ExtensionsGuestViewMessageFilter Data Race
Posted Mar 19, 2019
Authored by Google Security Research, Mark Brand

There appears to be a race condition in the destruction of the ExtensionsGuestViewMessageFilter if the ProcessIdToFilterMap is modified concurrently in Chrome.

tags | exploit
advisories | CVE-2019-5796
MD5 | 443d417c18c99366a21ce4b7f33f13ab
Chrome PaymentRequest Service Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from multiple use-after-free vulnerabilities in the PaymentRequest service.

tags | exploit, vulnerability
MD5 | 542901546f769fa6884fd395a1a3c73e
Chrome FileWriterImpl Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in FileWriterImpl.

tags | exploit
MD5 | 5a9117a1704832a0984afed842bc55a6
Chrome P2PSocketDispatcherHost Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in the RenderProcessHostImpl binding for P2PSocketDispatcherHost.

tags | exploit
MD5 | 48f1ffc95224a0488f9106479cff0242
Chrome RenderFrameHostImpl::CreateMediaStreamDispatcherHost Use-After-Free
Posted Feb 27, 2019
Authored by Google Security Research, Mark Brand

Chrome suffers from a use-after-free vulnerability in RenderFrameHostImpl::CreateMediaStreamDispatcherHost.

tags | exploit
MD5 | 2f25c0e1945b900e5d6e3ae70304edfb
Chrome Mojo DataPipe*Dispatcher Deserialization Lacking Validation
Posted Oct 18, 2018
Authored by Google Security Research, Mark Brand

Chrome has missing validation in the deserialization routines for both DataPipeConsumerDispatcher and DataPipeProducerDispatcher, which take from the incoming message a read_offset/write_offset respectively into shared memory. Providing an offset outside the bounds of the allocated memory will then result in an out-of-bounds read/write when the pipe is used.

tags | advisory
advisories | CVE-2018-16068
MD5 | 08315707021518b918593c1b05081689
Chrome Swiftshader Blitting Floating-Point Precision Errors
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from floating-point precision errors in Swiftshader blitting.

tags | exploit
MD5 | 7b98d22e3cda5e01a29a389816481305
Chrome SwiftShader OpenGL Texture Binding Reference Count Leak
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from a reference count leak in SwiftShader OpenGL texture bindings.

tags | exploit
MD5 | 94c654dcb20a0856b832d97f6fed38a0
Chrome Swiftshader Texture Allocation Integer Overflow
Posted Jul 19, 2018
Authored by Google Security Research, Mark Brand

Chrome suffers from an integer overflow vulnerability in Swiftshader texture allocation.

tags | exploit, overflow
MD5 | b3eb960cb7d3278d871332f5993c7d6c
Chrome V8 Object Allocation Size Integer Overflow
Posted May 4, 2018
Authored by Google Security Research, Mark Brand

Chrome V8 suffers from an integer overflow vulnerability in object allocation size.

tags | exploit, overflow
advisories | CVE-2018-6065
MD5 | d354d3af55153261405bf964d6202de1
Pdfium Shading Pattern Out-Of-Bounds Read
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from an out-of-bounds read vulnerability with shading pattern backed by pattern colorspace.

tags | exploit
MD5 | e26113bd8551c52b88a243b79666f8aa
Pdfium Pattern Shading Integer Overflow
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from integer overflow vulnerabilities in pattern shading.

tags | exploit, overflow, vulnerability
MD5 | 8249e633f7fb1bb2b541a3a9f968bfb2
Pdfium Colorspaces Out-Of-Bounds Read
Posted Feb 15, 2018
Authored by Google Security Research, Mark Brand

Pdfium suffers from an out-of-bounds read vulnerability with nested colorspaces.

tags | advisory
MD5 | 431c828e56dcc082e1091c534174b86f
LG ASFParser::SetMetaData Stack Overflow
Posted Jun 30, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple stack overflows in ASFParser::SetMetaData.

tags | exploit, overflow
MD5 | 11032cdfb45063fe394b921e0d88804a
LG ASFParser::ParseHeaderExtensionObjects Missing Bounds Check
Posted Jun 13, 2017
Authored by Google Security Research, Mark Brand

LG has a memcpy in ASFParser::ParseHeaderExtensionObjects that does not check that the size of the copy is smaller than the size of the source buffer, resulting in an out-of-bounds heap read.

tags | exploit
MD5 | cc4a461769ce92dca6a0c1f92a819609
LG CAVIFileParser::Destroy Out-Of-Bounds Heap Read
Posted Jun 13, 2017
Authored by Google Security Research, Mark Brand

LG suffers from an out-of-bounds read in CAVIFileParser::Destroy resulting in an invalid free.

tags | exploit
MD5 | 51ab5dda3b960588d3452a78cee02602
LG AVI Stream Parsing Missing Bounds-Checking
Posted Jun 13, 2017
Authored by Google Security Research, Mark Brand

LG suffers from missing bounds-checking in AVI stream parsing.

tags | exploit
MD5 | a78e9a54318e6e5bb216dc94b8637df3
LG OGMParser::VerifyVorbisHeader Uninitialized Pointer
Posted May 23, 2017
Authored by Google Security Research, Mark Brand

LG has an issue where a malformed OGM file can cause the use of an uninitialized pointer during Vorbis header verification - vorbis_info_clear is called on a vorbis_info structure that has not previously been initialised by a call to vorbis_info_init.

tags | exploit
MD5 | cc75081f5748ec93fe019a15eef25343
LG mkvparser::Tracks Failed Pointer Initialization
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

LG suffers from a failure to initialize pointer in the mkvparser::Tracks constructor.

tags | exploit
MD5 | 0888abdf84945f9209219f9db48ad8f6
LG mkvparser::Block::Block Heap Buffer Overflows
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

LG suffers from multiple heap buffer overflow vulnerabilities in mkvparser::Block::Block.

tags | exploit, overflow, vulnerability
MD5 | 3d0e37a13001f12db4209248c38a7463
LG liblg_parser_mkv.so Bad Allocation Calls
Posted May 9, 2017
Authored by Google Security Research, Mark Brand

During EBML node parsing the EBML element_size is used unvalidated to allocate a stack buffer to store the element contents. Since calls to alloca simply compile to a subtraction from the current stack pointer, for large sizes this can result in memory corruption and potential remote-code-execution in the mediaserver process. Tested on an LG-G4 with firmware MRA58K.

tags | exploit, remote
MD5 | 711c46670019250996b82da037a5b3ab
Page 1 of 2
Back12Next

File Archive:

July 2019

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    34 Files
  • 2
    Jul 2nd
    15 Files
  • 3
    Jul 3rd
    9 Files
  • 4
    Jul 4th
    8 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    3 Files
  • 7
    Jul 7th
    1 Files
  • 8
    Jul 8th
    15 Files
  • 9
    Jul 9th
    15 Files
  • 10
    Jul 10th
    20 Files
  • 11
    Jul 11th
    17 Files
  • 12
    Jul 12th
    15 Files
  • 13
    Jul 13th
    2 Files
  • 14
    Jul 14th
    1 Files
  • 15
    Jul 15th
    20 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2019 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close