[binary] A Chrome RCE, WebP 0day, and glibc LPE
Some complex and confusing vulnerabilities as we talk about the recent WebP 0day and the complexities of huffman coding. A data-only exploit to escape a kCTF container, the glibc LPE LOONY_TUNABLES, and a Chrome TurboFan RCE. Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/218.html [00:00:00] Introduction [00:00:40] Expanding our exploit reward program to Chrome and Cloud [00:06:10] The WebP 0day - We do somewhat downplay this issue due to the difficulty of exploiting it. But to be clear, it was exploited in the wild on Apple devices, so it exploitable. We're more downplaying the panic that came up around it. It is still a serious issue that should be patched. [00:34:00] Escaping the Google kCTF Container with a Data-Only Exploit [00:44:49] Local Privilege Escalation in the glibc's ld.so [CVE-2023-4911] [01:01:27] Getting RCE in Chrome with incorrect side effect in the JIT compiler [01:08:03] Behind the Shield: Unmasking Scudo's Defenses The DAY[0] Podcast episodes are streamed live on Twitch twice a week: -- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities -- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits. We are also available on the usual podcast platforms: -- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063 -- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt -- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz -- Other audio platforms can be found at https://anchor.fm/dayzerosec You can also join our discord: https://discord.gg/daTxTK9