CVE-2021-21220

Related Files

Chrome V8 JIT XOR Arbitrary Code Execution

Posted Dec 14, 2023

Authored by R3tro74 | Site github.com

Chrome V8 proof of concept exploit for CVE-2021-21220. The specific flaw exists within the implementation of XOR operation when executed within JIT compiled code.

tags | exploit, proof of concept

advisories | CVE-2021-21220

SHA-256 | 4a0c5ace29bab9077fd3cb6f30e1b337ebb1207166906d4dc66f459257476092

Download | Favorite | View

Google Chrome XOR Typer Out-Of-Bounds Access / Remote Code Execution

Posted May 3, 2021

Authored by Niklas Baumstark, Grant Willcox, Rajvardhan Agarwal, Bruno Keith | Site metasploit.com

This Metasploit module exploits an issue in the V8 engine on x86_x64 builds of Google Chrome versions prior to 89.0.4389.128/90.0.4430.72 when handling XOR operations in JIT'd JavaScript code. Successful exploitation allows an attacker to execute arbitrary code within the context of the V8 process. As the V8 process is normally sandboxed in the default configuration of Google Chrome, the browser must be run with the --no-sandbox option for the payload to work correctly.

tags | exploit, arbitrary, javascript

advisories | CVE-2021-21220

SHA-256 | 021951718048ffe0b71a7648ba64e0929b63f860f2b0a3b5424af17523e26274

Download | Favorite | View