CVE-2024-2887: A Pwn2Own Winning Bug in Google Chrome

In this guest blog from Master of Pwn winner Manfred Paul, he details CVE-2024-2887 – a type confusion bug that occurs in both Google Chrome and Microsoft Edge (Chromium). He used this bug as a part of his winning exploit that led to code execution in the renderer of both browsers. This bug was quickly patched by both Google and Microsoft. Manfred has graciously provided this detailed write-up of the vulnerability and how ghe exploited it at the contest. …

blog blog post browsers bug chrome chromium code code execution cve cve-2024 edge exploit google google chrome guest blog led master microsoft microsoft edge paul pwn2own type confusion winner winning