Zero Day Initiative - CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome

from Zero Day Initiative 2 weeks ago

Master of Pwn winner Manfred Paul details CVE-2024-2887 - a type confusion bug in Google Chrome and Microsoft Edge (Chromium) exploited for code execution in the renderer.
Zero Day Initiativehttps://www.thezdi.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome

Exploiting V8 JavaScript & WebAssembly engine bypasses the Ubercage memory sandbox for arbitrary shellcode execution within browser sandbox.
Zero Day Initiativehttps://www.thezdi.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome

Root cause of WebAssembly Universal Type Confusion explained, allowing declaration of struct types and recursive type groups in WebAssembly.
Zero Day Initiativehttps://www.thezdi.com/blog/2024/5/2/cve-2024-2887-a-pwn2own-winning-bug-in-google-chrome

Read at Zero Day Initiative

#cve-2024-2887 #type-confusion #exploit #v8-javascript-engine #webassembly

[

]

[

...

]

Zero Day Initiative - CVE-2024-2887: A Pwn2Own Winning Bug in Google ChromeZero Day Initiative - CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome Briefly

Zero Day Initiative - CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome
Zero Day Initiative - CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome
Briefly