Binary Gecko Blog

Race conditions in Linux Kernel perf events

Foreword: We disclosed this vulnerability to the kernel security team through responsible disclosure (CVE-2024-46713). The patch on the mailing list is visible here…

Read more
Sky’s the Limit - Quick Analysis and Exploitation of a Chrome ipcz TOCTOU Vulnerability

In this blog post we’ll dive into the details of an interesting vulnerability in the new IPC mechanism of Chrome, ipcz, and see how it was possible to exploit it from a compromised renderer to escape the Chrome sandbox. The following analysis and described exploitation technique is based on Chromium 113.0.5672.77.

Read more