This repository contains proof of concept exploits for CVE-2024-5836 and CVE-2024-6778, which are vulnerabilities within the Chromium web browser which allowed for a sandbox escape from a browser extension.
To run these, you must be on a version of Chromium older than 126.0.6478.54.
Write up
Bug report
Both the CVE-2024-5386 and CVE-2024-6778 directories contains a POC Chrome extension that is able to execute arbitrary JS on privileged WebUI pages. CVE-2024-5386 relies on a race condition and is fairly unreliable, while CVE-2024-6778 does not.
The sandbox-escape directory contains the full exploit chain, using CVE-2024-6778 to gain code execution in chrome://policy, which leads to a sandbox escape by setting the legacy browser support policies.
This repository is licensed under the MIT license.
Journalists use OSINT to verify public information before publishing. In 2026, misinformation, AI-generated images, fake…
DockerĀ is an open-source platform that lets you package and run applications inside containers. Each container…
PostgreSQL (often called Postgres) is an open-source relational database system. It supports advanced features like JSON…
Xrdp is an open-source server that lets you connect to your Ubuntu machine from another computer…
Apache Tomcat is an open-source web server and Java servlet container. It is one of the…
Keeping your Ubuntu system updated is one of the best ways to protect it. Security…