POC of Chrome Zero-Day Exploit
Description
CVE-2024-7971 is a type confusion vulnerability in the V8 JavaScript engine used by
Google Chrome. The issue allows remote attackers to trigger heap corruption via a
specially crafted HTML page. This can lead to instability, crashing, data corruption, or
arbitrary code execution.
Affected Versions
- Google Chrome versions prior to 128.0.6613.84
- Specifically, versions like 104.0.5112.101 are vulnerable.
Impact
- Heap Corruption: Due to type confusion, memory corruption can occur.
- Potential Exploits: Can lead to arbitrary code execution, instability, or data leakage.
Technical Details
Vulnerability Type
Type Confusion: An issue where the V8 engine mishandles different data types,
leading to memory corruption.
Exploitation Mechanism
An attacker can exploit this vulnerability by delivering a specially crafted HTML or
JavaScript payload that confuses the type system of the V8 engine.
Affected Platforms
Proof of Concept (PoC)
PoC Description
The PoC code demonstrates how type confusion can be triggered in Chrome’s V8
engine. It involves creating an array of floats, inserting an object to confuse the type, and then triggering operations that exploit the type confusion.
- Download a vulnerable version of Google Chrome for testing.
- Verify that the installed version is vulnerable.
- Craft the payload for the exploit.
- Execute the payload.
- Monitor the console for errors or abnormal behavior.
Result: the exploit crashed Chrome.
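The "verify the vulnerable version" step is the one a defender also needs, in the other direction: confirming that every Chrome install in an inventory is at or above the first fixed release. The script below is an added example written for this page, not code from the PoC repository. It takes the fixed version 128.0.6613.84 from the advisory text above; the hostnames and version strings in the sample inventory are constructed, and the `google-chrome --version` probe assumes a Linux host with that binary on PATH.

```python
"""Patch-compliance check for CVE-2024-7971 (added example, not part of the PoC).

Chrome builds older than 128.0.6613.84 are reported as vulnerable. Version
strings may come from `google-chrome --version`, from a User-Agent header, or
from a bare "a.b.c.d" string; all are handled by the same regex.
"""
import re
import subprocess
from typing import Dict, List, Optional, Tuple

# First Chrome release carrying the fix, as stated in the advisory above.
FIXED_VERSION = "128.0.6613.84"

# Chrome versions are always four dot-separated integers.
_VERSION_RE = re.compile(r"(\d+)\.(\d+)\.(\d+)\.(\d+)")

Version = Tuple[int, ...]


def parse_version(text: str) -> Optional[Version]:
    """Extract the first four-part version from free text, or None if absent.

    Accepts "Google Chrome 104.0.5112.101", a UA like "... Chrome/127.0.6533.120
    Safari/537.36", or a bare "128.0.6613.84". Two-part numbers such as
    "537.36" in a UA string are skipped because the regex needs four parts.
    """
    m = _VERSION_RE.search(text)
    if not m:
        return None
    return tuple(int(g) for g in m.groups())


def is_vulnerable(version_text: str, fixed: str = FIXED_VERSION) -> bool:
    """True when the build predates the first fixed release.

    Tuple comparison is numeric, so 128.0.6613.9 correctly sorts below
    128.0.6613.84 (a plain string compare would get that wrong).
    """
    v = parse_version(version_text)
    if v is None:
        raise ValueError(f"no Chrome version found in {version_text!r}")
    fixed_v = parse_version(fixed)
    assert fixed_v is not None, "FIXED_VERSION must be a.b.c.d"
    return v < fixed_v


def classify_hosts(inventory: Dict[str, str]) -> Tuple[List[str], List[str]]:
    """Split {hostname: version string} into (needs_update, unparsable).

    Hosts whose reported string carries no version are listed separately
    rather than silently treated as patched.
    """
    needs_update: List[str] = []
    unparsable: List[str] = []
    for host, text in sorted(inventory.items()):
        if parse_version(text) is None:
            unparsable.append(host)
        elif is_vulnerable(text):
            needs_update.append(host)
    return needs_update, unparsable


def installed_chrome_version(binary: str = "google-chrome") -> Optional[str]:
    """Ask the local Chrome binary for its version; None if it is not installed.

    Assumption: a Linux host where `google-chrome --version` prints
    "Google Chrome <a.b.c.d>". Other platforms need a different probe.
    """
    try:
        out = subprocess.run([binary, "--version"], capture_output=True,
                             text=True, timeout=10, check=False)
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


if __name__ == "__main__":
    # Constructed sample inventory: the advisory's example build, a UA string,
    # a patched build, and one entry with no usable version.
    sample = {
        "ws-01": "Google Chrome 104.0.5112.101",
        "ws-02": ("Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 "
                  "(KHTML, like Gecko) Chrome/127.0.6533.120 Safari/537.36"),
        "ws-03": "Google Chrome 128.0.6613.84",
        "ws-04": "chrome not installed",
    }
    vuln, unknown = classify_hosts(sample)
    print("needs update:", vuln)      # ['ws-01', 'ws-02']
    print("no version found:", unknown)  # ['ws-04']
    local = installed_chrome_version()
    if local:
        print("local:", local, "vulnerable" if is_vulnerable(local) else "patched")
```

The check deliberately fails loud on strings with no version instead of defaulting to "patched", since an inventory gap is exactly where an unpatched build hides.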