all InfoSec news
Getting RCE in Chrome with incomplete object initialization in the Maglev compiler
Oct. 17, 2023, 3 p.m. | Man Yue Mo
The GitHub Blog: Security News and Updates github.blog
In this post, I'll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.
The post Getting RCE in Chrome with incomplete object initialization in the Maglev compiler appeared first on The GitHub Blog.
chrome code code execution compiler cve exploit exploit development github security lab malicious object rce remote code remote code execution sandbox security single type confusion
More from github.blog / The GitHub Blog: Security News and Updates
Where does your software (really) come from?
2 days, 8 hours ago |
github.blog
CodeQL zero to hero part 3: Security research with CodeQL
3 days, 17 hours ago |
github.blog
Securing millions of developers through 2FA
1 week, 1 day ago |
github.blog
Gaining kernel code execution on an MTE-enabled Pixel 8
1 month, 2 weeks ago |
github.blog
Keeping secrets out of public repositories
2 months ago |
github.blog
Build code security skills with the GitHub Secure Code Game
2 months, 2 weeks ago |
github.blog
Jobs in InfoSec / Cybersecurity
Social Engineer For Reverse Engineering Exploit Study
@ Independent study | Remote
Information Security Specialist, Sr. (Container Hardening)
@ Rackner | San Antonio, TX
Principal Security Researcher (Advanced Threat Prevention)
@ Palo Alto Networks | Santa Clara, CA, United States
EWT Infosec | IAM Technical Security Consultant - Manager
@ KPMG India | Bengaluru, Karnataka, India
Security Engineering Operations Manager
@ Gusto | San Francisco, CA; Denver, CO; Remote
Network Threat Detection Engineer
@ Meta | Denver, CO | Reston, VA | Menlo Park, CA | Washington, DC