Vulnerability Research

The hunt for Chromium issue 1072171

29 May 2020 ~29 min By Javier Jimenez
Browser Chrome Exploit Development Vulnerability Research 0day V8 Vulnerability
Intro The last few months I’ve been studying Chrome’s v8 internals and exploits with the focus of finding a type confusion bug. The good news is that I found one, so the fuzzing and analysis efforts didn’t go to waste. The bad news is that I can reliably trigger the vulnerability but I haven’t found a way to weaponise it yet. If you don’t have prior knowledge of v8, I encourage you to take some time and read through the previous post I wrote. It covers all of the basics regarding the v8 compiler and tools that helped me throughout my research. More importantly, it will help newcomers understand all of the research described within this post.

The power of variant analysis (Semmle QL) CVE-2019-15937 and CVE-2019-15938

28 October 2019 ~9 min By Hector Cuesta
Cve Exploit Variant Analysis Vulnerability Research Code Analysis Cve-2019-15937 Cve-2019-15938 Ql Semmle Vulnerability
Intro This post will try to do a small introduction to the QL language using real-world vulnerabilities that I found in the past, and it will end with a small challenge using QL. A few months ago, I heard of Semmle QL for the first time, what they do is perform multiple code analysis techniques against source code, and dump these results into a database. Then using the QL language, you can query this data to perform variant analysis.