Binary Gecko Blog

Race conditions in Linux Kernel perf events
Foreword: We disclosed this vulnerability to the kernel security team through responsible disclosure (CVE-2024-46713). The patch on the mailing list is visible here…

Sky’s the Limit - Quick Analysis and Exploitation of a Chrome ipcz TOCTOU Vulnerability
In this blog post we’ll dive into the details of an interesting vulnerability in the new IPC mechanism of Chrome, ipcz, and see how it was possible to exploit it from a compromised renderer to escape the Chrome sandbox. The following analysis and described exploitation technique is based on Chromium 113.0.5672.77.