10 matches found
EUVD-2018-0225
Malware in sbrugna...
CVE-2023-45592
A CWE-250 “Execution with Unnecessary Privileges” vulnerability in the embedded Chromium browser due to the binary being executed with the “--no-sandbox” option and with root privileges exacerbates the impacts of successful attacks executed against the browser. This issue affects: AiLux imx6 bund...
Format string
Pandoc is a Haskell library for converting from one markup format to another, and a command-line tool that uses this library. Starting in version 1.13 and prior to version 3.1.4, Pandoc is susceptible to an arbitrary file write vulnerability, which can be triggered by providing a specially crafte...
Google Chrome SimplfiedLowering Integer Overflow Exploit
This Metasploit module exploits an issue in Google Chrome versions before 87.0.4280.88 64 bit. The exploit makes use of an integer overflow in the SimplifiedLowering phase in turbofan. It is used along with a typer hardening bypass using ArrayPrototypeShift to create a JSArray with a length of -1...
Google Chrome 80 - JSCreate Side-effect Type Confusion (Metasploit)
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Google Chrome 80 JSCreate side-effect type confusion exploit', 'Description' = %q This module exploits an issue in Google Chrome 80.0.3987.87 64...
Google Chrome 72 / 73 Array.map Corruption Exploit
This Metasploit module exploits an issue in Chrome version 73.0.3683.86 64 bit. The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to...
Google Chrome 72 and 73 Array.map exploit
This module exploits an issue in Chrome 73.0.3683.86 64 bit. The exploit corrupts the length of a float in order to modify the backing store of a typed array. The typed array can then be used to read and write arbitrary memory. The exploit then uses WebAssembly in order to allocate a region of RW...
Remote code execution
Based on details posted by the ElectronJS team; A remote code execution vulnerability has been discovered in Google Chromium that affects all recent versions of Electron. Any Electron app that accesses remote content is vulnerable to this exploit, regardless of whether the sandbox option is enabl...
CVE-2017-16151
CVE-2017-16151 describes a remote code execution vulnerability in Google Chromium that affects Electron apps. The issue, affecting all recent Electron versions when loading remote content, can be triggered regardless of the sandbox option being enabled. The exposed component is Electron’s integra...
Remote Code Execution
Electron is vulnerable to remote code execution RCE attacks. These attacks affect all Electron apps which access remote content, this includes applications using the sandbox option...