Race conditions in Linux Kernel perf events

Foreword: We disclosed this vulnerability to the kernel security team through responsible disclosure. The patch on the mailing list is visible here. We are publishing the vulnerability to demonstrate that it is fully exploitable and to ensure that the technical details are available. No CVE number has been assigned yet, as per the kernel team's policy […]

Sky’s the Limit – Quick Analysis and Exploitation of a Chrome ipcz TOCTOU Vulnerability

In this blog post we'll dive into the details of an interesting vulnerability in the new IPC mechanism of Chrome, ipcz, and see how it was possible to exploit it from a compromised renderer to escape the Chrome sandbox. The following analysis and the described exploitation technique are based on Chromium 113.0.5672.77. Background: The vulnerable code was added […]