Chrome Exploits and a Firefox Update Bug [Binary Exploitation]

31:55
 
Share
 

Manage episode 304021846 series 2606557
By dayzerosec. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/chrome-exploits-and-a-firefox-update-bug.html

This week we start off with a nice introduction to signedness issues before diving into a couple Chrome bugs (type confusion and use-after-free)

[00:00:17] Spot the Vuln - I Can't Even (Solution)

[00:03:46] Fixing a Security Bug by Changing a Function Signature

[00:11:58] Chrome in-the-wild bug analysis: CVE-2021-30632

[00:21:25] GHSL-2021-124: Use After Free (UAF) in Chrome - CVE-2021-30528

[00:26:56] Phrack - Issue 70

The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week:

  • Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
  • Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

104 episodes