Browser Exploitation

This page collects links to browser exploitation write-ups, grouped by browser and JavaScript engine.

Google Chrome, Google Chrome OS, V8

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | A Tale of Two Pwnies (Part 1) | 22-05-2012 | Jorge Lucangeli Obes, Justin Schuh | - | N/A |
| 2 | | A Tale of Two Pwnies (Part 2) | 11-06-2012 | Ken Buchanan, Chris Evans, Charlie Reis, Tom Sepez | - | N/A |
| 3 | https://scarybeastsecurity.blogspot.d... | Exploiting 64-bit Linux like a boss | 03-02-2013 | Chris Evans | Linux | N/A |
| 4 | | MWR Labs Pwn2Own 2013 Write-up - Webkit Exploit | 19-04-2013 | MWR | - | N/A |
| 5 | | Mobile Pwn2Own Autumn 2013 - Chrome on Android - Exploit Writeup | Autumn 2013 | Ian Beer | Android | N/A |
| 6 | | Chrome exploit: V8 properties + P2PHostMsg_Send | 22-09-2014 | Jüri Aedla | - | CVE-2014-3188 |
| 7 | http://researchcenter.paloaltonetwor... | Google Chrome Exploitation – A Case Study | 14-12-2014 | Palo Alto Networks | - | CVE-2014-1705 |
| 8 | | Advanced Exploitation of Chrome 42 64bit on Windows 8.1 + EMET 5.2 | 19-03-2015 | JungHoon (lokihardt) Lee | Windows 8.1 | N/A |
| 9 | https://googleprojectzero.blogspot.d... | Racing MIDI messages in Chrome | 04-02-2016 | Oliver Chang | *nix | N/A |
| 10 | | Advanced Exploitation of Chrome 64-bit on Windows 10 | 17-03-2016 | JungHoon (lokihardt) Lee | Windows 10 | N/A |
| 11 | | Pwn2Own V8 OOB Bug writeup | 26-10-2016 | ? | Android | N/A |
| 12 | https://googleprojectzero.blogspot.d... | Chrome OS exploit: one byte overflow and symlinks | 14-12-2016 | ? | Chrome OS | N/A |
| 13 | | Exploiting a V8 OOB write | 24-05-2017 | halbecaf | Linux | N/A |
| 14 | | SSD Advisory – Chrome Turbofan Remote Code Execution | 16-08-2017 | Maor Schwartz | - | N/A |

Microsoft Edge, ChakraCore

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Three roads lead to Rome | 29-11-2016 | Luke Viruswalker | Windows | CVE-2016-7201 |
| 2 | | CHAKRA JIT CFG BYPASS | 14-12-2016 | Theori | Windows | MS16-119 |
| 3 | | Exploiting MS16-145: MS Edge TypedArray.sort Use-After-Free (CVE-2016-7288) | 02-05-2017 | Francisco Falcon | Windows | CVE-2016-7288 |
| 4 | | CHECK IT OUT: ENFORCEMENT OF BOUNDS CHECKS IN NATIVE JIT CODE | 05-10-2017 | Simon Zuckerbraun | Windows | CVE-2017-0234 |

Microsoft Internet Explorer, jscript, ChakraCore

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Pwn2Own 2010 Windows 7 Internet Explorer 8 exploit | xx-xx-2010 | Peter Vreugdenhil | Windows | N/A |
| 2 | | Memory disclosure technique for Internet Explorer | 09-06-2011 | Ivan Fratric | Windows | N/A |
| 3 | | Insecticides don't kill bugs, Patch Tuesdays do | 16-06-2011 | d0c_s4vage | Windows | CVE-2011-1260 |
| 4 | | Post-mortem Analysis of a Use-After-Free Vulnerability (CVE-2011-1260) | 07-07-2011 | Matt Graeber | Windows | CVE-2011-1260 |
| 5 | | Reliable Windows 7 Exploitation: A Case Study | 28-02-2012 | Ivan Fratric | Windows | CVE-2011-1999 |
| 6 | | Anatomy of an exploit – inside the CVE-2013-3893 Internet Explorer zero-day | 11-10-2013 | Paul Ducklin | Windows | CVE-2013-3893 |
| 7 | | Exploiting Internet Explorer 11 64-bit on Windows 8.1 Preview | 06-11-2013 | Ivan Fratric | Windows | N/A |
| 8 | | A BROWSER IS ONLY AS STRONG AS ITS WEAKEST BYTE | 26-11-2013 | Peter Vreugdenhil | Windows | CVE-2013-3147 |
| 9 | | A BROWSER IS ONLY AS STRONG AS ITS WEAKEST BYTE – PART 2 | 09-12-2013 | Peter Vreugdenhil | Windows | CVE-2013-3147 |
| 10 | https://googleprojectzero.blogspot.d... | Internet Explorer EPM Sandbox Escape CVE-2014-6350 | 01-12-2014 | James Forshaw | Windows | CVE-2014-6350 |
| 11 | | Dude, where's my heap? | 16-06-2015 | Ivan Fratric | Windows | N/A |
| 12 | | Abusing Silent Mitigations: Understanding weaknesses within Internet Explorer's Isolated Heap and MemoryProtection | 19-06-2015 | Abdul-Aziz Hariri, Simon Zuckerbraun, Brian Gorenc | Windows | N/A |
| 13 | | Exploiting CVE-2014-0282 | 16-12-2015 | Katy Winterborn | Windows | CVE-2014-0282 |
| 14 | | Look Mom, I don't use Shellcode: Browser Exploitation Case Study for Internet Explorer 11 | xx-xx-2016 | Moritz Jodeit | Windows | N/A |
| 15 | | FROM CRASH TO EXPLOIT: CVE-2015-6086 – OUT OF BOUND READ/ASLR BYPASS | 18-01-2016 | payatu | Windows | CVE-2015-6086 |
| 16 | | Exploiting Internet Explorer's MS15-106, Part I: VBScript Filter Type Confusion Vulnerability (CVE-2015-6055) | 25-04-2016 | Francisco Falcón | Windows | CVE-2015-6055 |
| 17 | | Exploiting Internet Explorer's MS15-106, Part II: JScript ArrayBuffer.slice Memory Disclosure (CVE-2015-6053) | 14-06-2016 | Francisco Falcón | Windows | CVE-2015-6053 |
| 18 | | PATCH ANALYSIS OF CVE-2016-0189 | 22-06-2016 | Theori | Windows | CVE-2016-0189 |
| 19 | | An Introduction to Use After Free Vulnerabilities | 05-08-2016 | Lloyd Simon | Windows | N/A |

Mozilla Firefox, Spidermonkey

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Exploiting CVE-2011-2371 (FF reduceRight) without non-ASLR modules | 22-02-2012 | pakt | - | CVE-2011-2371 |
| 2 | | Here's that FBI Firefox Exploit for You (CVE-2013-1690) | 07-08-2013 | sinn3r | - | CVE-2013-1690 |
| 3 | https://bug1145255.bmoattachments.or... | Pwn2Own 2015 Firefox exploit | xx-xx-2015 | ilxu1a | - | CVE-2015-0817 |
| 4 | | R7-2015-04 Disclosure: Mozilla Firefox Proxy Prototype RCE (CVE-2014-8636) | 23-03-2015 | Joe Vennix | - | CVE-2014-8636 |
| 5 | | OR'LYEH? The Shadow over Firefox | xx-xx-2016 | argp | - | N/A |
| 6 | | 12 Days of HaXmas: A Fireside Foray into a Firefox Fracas | 29-12-2016 | William Webb | - | N/A |
| 7 | | Exploiting a Cross-mmap Overflow in Firefox | 10-03-2017 | saelo | macOS | CVE-2016-9066 |
| 8 | | Share with care: Exploiting a Firefox UAF with shared array buffers | 21-06-2017 | bkth, eboda | Linux | N/A |
| 9 | | The Return of the JIT (Part 1) | 13-07-2017 | Rh0 | - | CVE-2017-5375, CVE-2017-5400 |
| 10 | | The Return of the JIT (Part 2) | 17-07-2017 | Rh0 | - | CVE-2017-5375, CVE-2017-5400 |

Apple Safari (and other WebKit-based browsers), JavaScriptCore

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | Engineering Heap Overflow Exploits with JavaScript | xx-xx-2008 | Mark Daniel, Jake Honoroff, Charlie Miller | Mac | N/A |
| 2 | | Hacking the PS4, part 2: Userland code execution | xx-xx-xxxx | CTurt | PS | N/A |
| 3 | | WebKit CSS Type Confusion | 15-12-2010 | Chris Rohlf | - | N/A |
| 4 | https://googleprojectzero.blogspot.d... | pwn4fun Spring 2014 - Safari - Part I | 24-07-2014 | Ian Beer | Mac | N/A |
| 5 | | JavaScriptCore CSI: A Crash Site Investigation Story | 01-06-2016 | Mark Lam | Mac | N/A |
| 6 | | Section 1: Pegasus Exploitation of Safari (CVE-2016-4657) | xx-xx-2016 | Max Bazaliy, Cris Neckar, Greg Sinclair, in7egral | iOS | CVE-2016-4657 |
| 7 | | Exploiting WebKit on Vita 3.60 | 18-08-2016 | ? | PS | N/A |
| 8 | | Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622 | 27-10-2016 | saelo | Mac | CVE-2016-4622 |
| 9 | | Pwn2Own 2017: UAF in JSC::CachedCall (WebKit) | 04-05-2017 | niklasb, saelo | Mac | CVE-2017-2491 |
| 10 | https://scarybeastsecurity.blogspot.... | Ode to the use-after-free: one vulnerable function, a thousand possibilities | 05-05-2017 | Chris Evans | Linux | CVE-2012-3748 |
| 11 | | Exploiting an integer overflow with array spreading (WebKit) | 02-06-2017 | niklasb, saelo | Mac | CVE-2017-2536 |
| 12 | | DECONSTRUCTING A WINNING WEBKIT PWN2OWN ENTRY | 24-08-2017 | Jasiel Spelman | Mac | CVE-2017-2547 |

Other browsers

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | https://googleprojectzero.blogspot.d... | Exploiting CVE-2014-0556 in Flash | 23-09-2014 | Chris Evans | - | CVE-2014-0556 |
| 2 | https://googleprojectzero.blogspot.d... | Exploiting CVE-2015-0318 in Flash | 12-02-2015 | Mark Brand | - | CVE-2015-0318 |
| 3 | https://googleprojectzero.blogspot.d... | A Tale of Two Exploits | 13-04-2015 | Natalie Silvanovich | - | CVE-2015-0336 |
| 4 | https://googleprojectzero.blogspot.d... | One Perfect Bug: Exploiting Type Confusion in Flash | 20-06-2015 | Natalie Silvanovich | - | CVE-2015-3077 |
| 5 | https://googleprojectzero.blogspot.d... | Life After the Isolated Heap | 28-03-2016 | Natalie Silvanovich | - | CVE-2016-0998, CVE-2016-0984 |
| 6 | | Playing in the Remote Sandbox: Adobe Flash Windows User Credentials Disclosure Vulnerability (CVE-2017-3085) | 08-08-2017 | Björn Ruytenberg | - | CVE-2017-3085 |

Vulnerability research in general

| Nr | URL | Description | Date | Author | OS/Arch | Info |
|---|---|---|---|---|---|---|
| 1 | | DIGGING DEEP INTO THE FLASH SANDBOXES | xx-xx-2012 | Paul Sabanal, Mark Vincent Yason | - | N/A |
| 2 | | $hell on Earth: From Browser to System Compromise | xx-xx-2016 | Matt Molinyawe, Abdul-Aziz Hariri, Jasiel Spelman | - | N/A |
| 3 | | Internet Explorer 10/11 Exploitation | - | Massimiliano Tomassoli | Windows | N/A |
| 4 | | The art of reverse-engineering Flash exploits | xx-07-2016 | Jeong Wook Oh | - | CVE-2015-5122, CVE-2015-8651, CVE-2016-1010, CVE-2015-0336, CVE-2015-8446, CVE-2015-8651 |
| 5 | | Browser Security White Paper | 19-09-2017 | Markus Vervier, Michele Orrù, Berend-Jan Wever, Eric Sesterhenn | N/A | - |
| 6 | | Cure53 Browser Security White Paper | 20-09-2017 | Mario Heiderich, Alex Inführ, Fabian Fäßler, Nikolai Krein, Masato Kinugawa, Filedescriptor, Dario Weißer | N/A | - |

| Nr | URL | Description |
|---|---|---|
| 1 | | A collection of JavaScript engine CVEs with PoCs |
| 2 | | List of Browser Mitigations |
