Listen to this Post
The CVE-2024-4761 vulnerability is a critical out-of-bounds write issue in the V8 JavaScript and WebAssembly engine. The flaw originates from an integer overflow within the `V8::TypedArrayPrototypeSetTypedArray` function. This function is responsible for copying elements between typed arrays. A missing bounds check on the source array’s length during this operation allows an attacker to trigger an integer overflow when calculating the copy range. This overflow leads to a miscalculated memory write operation, corrupting adjacent memory structures. By carefully crafting a malicious JavaScript payload that manipulates typed arrays, an attacker can exploit this memory corruption to achieve remote code execution within the context of the Chrome browser renderer process, bypassing security sandboxes.
Platform: Google Chrome
Version: Prior to 126.0.6478.54/.55
Vulnerability: Out-of-bounds write
Severity: Critical
date: 2024-05-24
Prediction: 2024-06-07
What Undercode Say:
`$ git log –oneline –grep=”4761″ v8/
$ find . -name “.cc” -exec grep -l “TypedArrayPrototypeSetTypedArray” {} \;
$ diff –git a/src/builtins/typed-array-set.tq b/src/builtins/typed-array-set.tq`
How Exploit:
`let arr = new Uint8Array(1024);
let evil = { Symbol.toPrimitive { return 232 – 100; } };
arr.set(evil);`
Protection from this CVE:
Update Chrome. Disable JavaScript.
Impact:
Remote Code Execution
🎯Let’s Practice Exploiting & Learn Patching For Free:
Sources:
Reported By: nvd.nist.gov
Extra Source Hub:
Undercode

