This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within the Chromium web browser which allowed for a sandbox escape from a browser extension.
To run these, you must be on a version of Chromium older than 126.0.6478.54
.
Write up
Bug report
Both the CVE-2024-5386
and CVE-2024-6778
directories contains a POC Chrome extension that is able to execute arbitrary JS on privileged WebUI pages. CVE-2024-5386
relies on a race condition and is fairly unreliable, while CVE-2024-6778
does not.
The sandbox-escape
directory contains the full exploit chain, using CVE-2024-6778
to gain code execution in chrome://policy
, which leads to a sandbox escape by setting the legacy browser support policies.
This repository is licensed under the MIT license.
SpyAI is a sophisticated form of malware that leverages advanced technologies to capture and analyze…
The Proxmark3 is a versatile, open-source tool designed for radio-frequency identification (RFID) security analysis, research,…
The "Awesome Solana Security" collection is a comprehensive resource designed to help developers build more…
The "IngressNightmare" vulnerabilities, disclosed in March 2025, represent a critical set of security issues affecting…
AdaptixC2 is an advanced post-exploitation and adversarial emulation framework designed specifically for penetration testers. It…
Bincrypter is a powerful Linux binary runtime crypter written in BASH. It is designed to…