Go offline with the Player FM app!
[binary] A Chrome RCE, WebP 0day, and glibc LPE
Manage episode 379466905 series 2606557
Some complex and confusing vulnerabilities as we talk about the recent WebP 0day and the complexities of huffman coding. A data-only exploit to escape a kCTF container, the glibc LPE LOONY_TUNABLES, and a Chrome TurboFan RCE.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/218.html
[00:00:00] Introduction
[00:00:40] Expanding our exploit reward program to Chrome and Cloud
[00:06:10] The WebP 0day
- We do somewhat downplay this issue due to the difficulty of exploiting it. But to be clear, it was exploited in the wild on Apple devices, so it exploitable. We're more downplaying the panic that came up around it. It is still a serious issue that should be patched.
[00:34:00] Escaping the Google kCTF Container with a Data-Only Exploit
[00:44:49] Local Privilege Escalation in the glibc's ld.so [CVE-2023-4911]
[01:01:27] Getting RCE in Chrome with incorrect side effect in the JIT compiler
[01:08:03] Behind the Shield: Unmasking Scudo's Defenses
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
254 episodes
Manage episode 379466905 series 2606557
Some complex and confusing vulnerabilities as we talk about the recent WebP 0day and the complexities of huffman coding. A data-only exploit to escape a kCTF container, the glibc LPE LOONY_TUNABLES, and a Chrome TurboFan RCE.
Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/218.html
[00:00:00] Introduction
[00:00:40] Expanding our exploit reward program to Chrome and Cloud
[00:06:10] The WebP 0day
- We do somewhat downplay this issue due to the difficulty of exploiting it. But to be clear, it was exploited in the wild on Apple devices, so it exploitable. We're more downplaying the panic that came up around it. It is still a serious issue that should be patched.
[00:34:00] Escaping the Google kCTF Container with a Data-Only Exploit
[00:44:49] Local Privilege Escalation in the glibc's ld.so [CVE-2023-4911]
[01:01:27] Getting RCE in Chrome with incorrect side effect in the JIT compiler
[01:08:03] Behind the Shield: Unmasking Scudo's Defenses
The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.
We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
254 episodes
All episodes
×Welcome to Player FM!
Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.