Exploitation Summary
EIP tracks 2 public exploits for CVE-2024-6778. PoCs published by ading2210, r00tjunip3r1.
AI-analyzed exploit summary This repository contains proof-of-concept exploits for CVE-2024-5836 and CVE-2024-6778, which are Chromium vulnerabilities allowing sandbox escape via browser extension. The exploits leverage race conditions and script injection to execute arbitrary JavaScript on privileged WebUI pages, leading to potential RCE.
Description
Race in DevTools in Google Chrome prior to 126.0.6478.182 allowed an attacker who convinced a user to install a malicious extension to inject scripts or HTML into a privileged page via a crafted Chrome Extension. (Chromium security severity: High)
Exploits (2)
This repository contains proof-of-concept exploits for CVE-2024-5836 and CVE-2024-6778, which are Chromium vulnerabilities allowing sandbox escape via browser extension. The exploits leverage race conditions and script injection to execute arbitrary JavaScript on privileged WebUI pages, leading to potential RCE.
This repository contains a proof-of-concept exploit for CVE-2024-6778, which involves a sandbox escape in Chromium via a browser extension. The exploit chain manipulates legacy browser support policies to achieve code execution in privileged WebUI pages.
References (2)
Scores
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H