Chrome V8 proof of concept exploit for CVE-2021-21220. The specific flaw exists within the implementation of XOR operation when executed within JIT compiled code.
4a0c5ace29bab9077fd3cb6f30e1b337ebb1207166906d4dc66f459257476092This Metasploit module exploits an issue in the V8 engine on x86_x64 builds of Google Chrome versions prior to 89.0.4389.128/90.0.4430.72 when handling XOR operations in JIT'd JavaScript code. Successful exploitation allows an attacker to execute arbitrary code within the context of the V8 process. As the V8 process is normally sandboxed in the default configuration of Google Chrome, the browser must be run with the --no-sandbox option for the payload to work correctly.
021951718048ffe0b71a7648ba64e0929b63f860f2b0a3b5424af17523e26274
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed