Home Hacking Tools CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

Hacking Tools

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

October 23, 2024

This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within the Chromium web browser which allowed for a sandbox escape from a browser extension.

To run these, you must be on a version of Chromium older than 126.0.6478.54.

Write up

Bug report

Both the CVE-2024-5386 and CVE-2024-6778 directories contains a POC Chrome extension that is able to execute arbitrary JS on privileged WebUI pages. CVE-2024-5386 relies on a race condition and is fairly unreliable, while CVE-2024-6778 does not.

The sandbox-escape directory contains the full exploit chain, using CVE-2024-6778 to gain code execution in chrome://policy, which leads to a sandbox escape by setting the legacy browser support policies.

This repository is licensed under the MIT license.

CVE-2024-5836 / CVE-2024-6778 : Chromium Sandbox Escape via Extension Exploits

LEAVE A REPLY Cancel reply

APPLICATIONS

Astra : Automated Security Testing For REST API’s

Freyja Purple Team Agent : A Cutting-Edge Tool For Cyber Resilience

Awesome Hacking – An Amazing Project : The Ultimate Resource Guide For Cybersecurity Exploration

ICSpector: Microsoft’s Open-Source ICS Forensics Framework

HOT NEWS

XenoScan – Open source memory scanner written in C++

EVEN MORE NEWS

Rust BOFs – Unlocking New Potentials In Cobalt Strike

MaLDAPtive – Pioneering LDAP SearchFilter Parsing And Security Framework

Cloudkicker – Implementing Basic Authentication ith .htaccess And htpasswd

POPULAR CATEGORY

ReconAIzer – Enhancing Burp Suite With OpenAI

Sysdig Inspect – A Comprehensive Guide To Container Troubleshooting And Securit

Would You Like To Know More In Tartufo – Cleaning Up...