[2020/01/17] monthly update
allpaca authored Jan 17, 2020
1 parent 580cc7f commit f15e70b
Showing 1 changed file with 6 additions and 3 deletions.
9 changes: 6 additions & 3 deletions README.md
Expand Up @@ -5,9 +5,12 @@ A Collection of Chrome Sandbox Escape POCs/Exploits for learning.

Issue | Type | Summary | Label | Reporter | Links
-- | -- | -- | -- | -- | --
[crbug-1005753](https://crbug.com/1005753) | Patch POC | UAF in IndexedDB | CVE-2019-13693, M-77, M-78, reward-20500 | [Guang Gong](https://crbug.com/?q=Guang%20Gong%20OR%20reporter%3Ahigongguang%40gmail.com&can=1) | -
[crbug-1004730](https://crbug.com/1004730) | Patch POC | UAF in MojoAudioDecoder | CVE-2019-13695, M-77, reward-15000 | [Man Yue Mo](https://crbug.com/?can=1&q=reporter%3Ammo%40semmle.com) | -
[crbug-1000934](https://crbug.com/1000934) | HTML POC | UAF in Sharing | CVE-2019-13685, M-77, M-78, reward-15000 | [chromium.khalil](https://crbug.com/?q=reporter%3Achromium.khalil%40gmail.com&can=1) | -
[crbug-1000002](https://crbug.com/1000002) | MojoJS POC | UAF in OfflinePage2 (Android) | CVE-2019-13686, M-76, reward-20000 | [Brendon Tiszka](https://crbug.com/?q=reporter%3Abtiszka%40gmail.com&can=1) | -
[crbug-998548](https://crbug.com/998548) | MojoJS POC | UAF in ImageCapture | CVE-2019-13687, M-76, M-77, M-78, reward-20000 | [Man Yue Mo](https://crbug.com/?can=1&q=reporter%3Ammo%40semmle.com) | -
[crbug-998431](https://crbug.com/998431) | MojoJS POC | Heap Overflow in GamepadService | CVE-2019-13700, M-77, reward-15000 | [Man Yue Mo](https://crbug.com/?can=1&q=reporter%3Ammo%40semmle.com) | -
[crbug-997190](https://crbug.com/997190) | Patch POC | UAF in MediaSession (Android) | CVE-2019-5876, M-76, reward-20000 | [Man Yue Mo](https://crbug.com/?can=1&q=reporter%3Ammo%40semmle.com) | -
[crbug-996741](https://crbug.com/996741) | Patch POC | Logic Bug in Payment Handler API | M-76 | [Sergey Glazunov](https://crbug.com/?q=reporter%3Aserg.glazunov%40gmail.com%2Cglazunov%40google.com&can=1) | [p0-1928](https://crbug.com/project-zero/1928)
[crbug-995964](https://crbug.com/995964) | MojoJS POC | UAF in VideoCapture | CVE-2019-13688, M-77, M-78, reward-20000 | [Man Yue Mo](https://crbug.com/?can=1&q=reporter%3Ammo%40semmle.com) | -
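
Review bot: the reporter name in the crbug-996741 row is spelled "Sergey Glazunov", while the patch-version table further down in the same README credits "Sergei Glazunov" for CVE-2020-6380 and CVE-2019-13726, so a text search for either spelling misses half of that reporter's entries; pick one spelling and use it in both tables. The reporter links in this hunk also come in three query shapes (`?q=reporter%3A...&can=1`, `?can=1&q=reporter%3A...`, and a name-OR-reporter form for Guang Gong); settling on one form would make the rows easier to check and extend.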
Expand All @@ -17,7 +20,7 @@ Issue | Type | Summary | Label | Reporter | Links
[crbug-981873](https://crbug.com/981873) | MojoJS POC | UAF in IndexedDB ~LevelDBIteratorImpl | M-76 | [Mark Brand](https://crbug.com/?q=reporter%3Amarkbrand%40google.com&can=1) | [p0-1904](https://crbug.com/project-zero/1904)
[crbug-977462](https://crbug.com/977462) | MojoJS POC | UAF in OfflinePage (Android) | CVE-2019-5850, M-75, reward-10000 | [Brendon Tiszka](https://crbug.com/?q=reporter%3Abtiszka%40gmail.com&can=1) | [crbug-977195](https://crbug.com/977195)
[crbug-972239](https://crbug.com/972239#c26) | MojoJS POC | UAF in IndexedDB IndexedDBTransaction::Abort | M-76 | [Mark Brand](https://crbug.com/?q=reporter%3Amarkbrand%40google.com&can=1) | -
[crbug-971702](https://crbug.com/971702) | HTML POC | UAF in chrome!content::Portal::Activate | M-76, reward-8000 | [Pawel Wylecial](https://crbug.com/?q=reporter%3Apawel%40blackowlsec.com&can=1) | -
[crbug-971702](https://crbug.com/971702) | HTML POC | UAF in chrome!content::Portal::Activate | M-76, reward-8000 | [Pawel Wylecial](https://crbug.com/?q=reporter%3Apawel%40blackowlsec.com&can=1) | [crbug-968142](https://crbug.com/968142), [RedTeam Blog](https://blog.redteam.pl/2019/12/chrome-portal-element-fuzzing.html)
[crbug-966784](https://crbug.com/966784) | MojoJS POC | UAF in IndexedDB AbortAllTransactions | M-76, reward-5000 | [cdsrc2016](https://crbug.com/?q=reporter%3Acdsrc2016%40gmail.com&can=1) | -
[crbug-966762](https://crbug.com/966762) | MojoJS POC | UAF in IndexedDB RequestComplete 2 | M-76, reward-10500 | [cdsrc2016](https://crbug.com/?q=reporter%3Acdsrc2016%40gmail.com&can=1) | -
[crbug-962500](https://crbug.com/962500) | HTML POC | Logic Bug in WebUI | reward-10000 | [Michal Bentkowski](https://crbug.com/?q=Michal%20Bentkowski&can=1) | -
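
Review bot: the new Links cell on the crbug-971702 row points to crbug-968142 and to a page labelled only "RedTeam Blog", without saying how either relates to the Portal::Activate UAF (duplicate report, related bug, write-up of the finding). A short descriptive link text, for example the blog post's title, and a word such as "related" or "duplicate" before the second crbug link would let a reader judge the references without opening them. The crbug-977462 row has the same ambiguity with its crbug-977195 link.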
Expand Down Expand Up @@ -78,13 +81,13 @@ Issue | Type | Summary | Label | Reporter | Links

Issue Number | Patch Version | Summary | Reporter
-- | -- | -- | --
[crbug-1018677](https://crbug.com/1018677) | [79.0.3945.130](https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html) | [$TBD] Critical CVE-2020-6378: Use-after-free in speech recognizer | Antti Levomäki, Christian Jalio
[crbug-1032170](https://crbug.com/1032170) | [79.0.3945.130](https://chromereleases.googleblog.com/2020/01/stable-channel-update-for-desktop_16.html) | [$N/A] High CVE-2020-6380: Extension message verification error | Sergei Glazunov
[crbug-1025067](https://crbug.com/1025067) | [79.0.3945.79](https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html) | [$20000] Critical CVE-2019-13725: Use after free in Bluetooth | Gengming Liu, Jianyu Chen
[crbug-1027152](https://crbug.com/1027152) | [79.0.3945.79](https://chromereleases.googleblog.com/2019/12/stable-channel-update-for-desktop.html) | [$TBD] Critical CVE-2019-13726: Heap buffer overflow in password manager | Sergei Glazunov
[crbug-1024121](https://crbug.com/1024121) | [78.0.3904.108](https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html) | [$TBD] High CVE-2019-13723: Use-after-free in Bluetooth | Yuxiang Li
[crbug-1024116](https://crbug.com/1024116) | [78.0.3904.108](https://chromereleases.googleblog.com/2019/11/stable-channel-update-for-desktop_18.html) | [$TBD] High CVE-2019-13724: Out-of-bounds access in Bluetooth | Yuxiang Li
[crbug-1001503](https://crbug.com/1001503) | [78.0.3904.70](http://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop_22.html) | [$20000] High CVE-2019-13699: Use-after-free in media | Man Yue Mo
[crbug-1005753](https://crbug.com/1005753) | [77.0.3865.120](http://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html) | [$20500] High CVE-2019-13693: Use-after-free in IndexedDB | Guang Gong
[crbug-1004730](https://crbug.com/1004730) | [77.0.3865.120](http://chromereleases.googleblog.com/2019/10/stable-channel-update-for-desktop.html) | [$15000] High CVE-2019-13695: Use-after-free in audio | Man Yue Mo
[crbug-999311](https://crbug.com/999311) | [77.0.3865.75](http://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html) | [$30000] Critical CVE-2019-5870: Use-after-free in media | Guang Gong
[crbug-989797](https://crbug.com/989797) | [77.0.3865.75](http://chromereleases.googleblog.com/2019/09/stable-channel-update-for-desktop.html) | [$3000] High CVE-2019-5874: External URIs may trigger other browsers | James Lee
[crbug-959438](https://crbug.com/959438) | [76.0.3809.87](http://chromereleases.googleblog.com/2019/07/stable-channel-update-for-desktop_30.html) | [$TBD] High CVE-2019-5859: Some URIs can load alternative browsers | James Lee
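
Review bot: the release-notes links in this table mix schemes, with the 79.x and 78.0.3904.108 rows using https://chromereleases.googleblog.com and the rows from 78.0.3904.70 down to 76.0.3809.87 using http://; switch them all to https so the README does not send readers over a plaintext connection first. Several rows also carry a "[$TBD]" reward placeholder (CVE-2020-6378, CVE-2019-13726, CVE-2019-13723, CVE-2019-13724, CVE-2019-5859) that will go stale unless it is revisited in a later monthly update, and "Use after free" in the CVE-2019-13725 summary is unhyphenated where every other row writes "Use-after-free".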