This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within the Chromium web browser which allowed for a sandbox escape from a browser extension.
To run these, you must be on a version of Chromium older than 126.0.6478.54
.
Write up
Bug report
Both the CVE-2024-5386
and CVE-2024-6778
directories contains a POC Chrome extension that is able to execute arbitrary JS on privileged WebUI pages. CVE-2024-5386
relies on a race condition and is fairly unreliable, while CVE-2024-6778
does not.
The sandbox-escape
directory contains the full exploit chain, using CVE-2024-6778
to gain code execution in chrome://policy
, which leads to a sandbox escape by setting the legacy browser support policies.
This repository is licensed under the MIT license.
Playwright-MCP (Model Context Protocol) is a cutting-edge tool designed to bridge the gap between AI…
JBDev is a specialized development tool designed to streamline the creation and debugging of jailbreak…
The Kereva LLM Code Scanner is an innovative static analysis tool tailored for Python applications…
Nuclei-Templates-Labs is a dynamic and comprehensive repository designed for security researchers, learners, and organizations to…
SSH-Stealer and RunAs-Stealer are malicious tools designed to stealthily harvest SSH credentials, enabling attackers to…
Control flow flattening is a common obfuscation technique used by OLLVM (Obfuscator-LLVM) to transform executable…