In this post, I'll exploit CVE-2024-3833, an object corruption bug in v8, the Javascript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.

The GitHub Blog provides updates, announcements, and insights from the world's leading software development platform, covering topics such as new features, community highlights, and industry trends. Developers can learn about GitHub's latest developments, best practices for collaboration, and tips for maximizing productivity on the platform.

GitHub Blog

The post explains how to exploit CVE-2024-3833, a bug in Chrome's v8 JavaScript engine, allowing remote code execution (RCE) through duplicate object properties. It details the origin trials in Chrome and compares it to earlier exploits like CVE-2021-30561. The method involves creating duplicate properties to achieve out-of-bounds writes in the v8 property array, leading to type confusion between JavaScript objects and arrays, and eventually to arbitrary code execution by manipulating WebAssembly imported functions.

Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties