
Google Chrome RCE Flaw Details Leak

October 8, 2025

Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine. The flaw, an improper nullability check, was introduced in Chrome M135 and allows attackers to craft two recursive type groups that share the same hash value. The exploit, a birthday attack on type canonicalization, achieves nullability confusion on indexed reference types, undermining core Wasm type safety.

The attack leverages a novel V8 sandbox bypass using flaws in JavaScript Promise Integration (JSPI) state-switching. According to SSD Secure Disclosure, an attacker can abuse a confusion in the secondary stack management logic to pivot execution between nested JS and Wasm stacks. By skipping inactive stacks and injecting attacker-controlled values, the exploit gains full stack control and builds a return-oriented programming chain to invoke the VirtualProtect function on a read-write-execute (RWX) shellcode buffer. This effectively allows the attacker to run their own code.

The publicly released proof-of-concept includes an HTML payload and accompanying JavaScript that generates specific Wasm types and functions. When deployed, the exploit spawns a Windows calculator process by using a specially crafted ROP chain and RWX shellcode. The exploit script first enumerates two Wasm recursive type groups, differing only in their nullability, and then uses a birthday attack to find a collision among their hash values.

Next, the exploit casts a null reference into a non-null one, which grants a read/write primitive by abusing out-of-bounds access to a large ArrayBuffer. The exploit then constructs nested promise-based Wasm exports to force stack switches and abuses a missing security check to skip an inactive stack frame. This gives the attacker control over the execution context. Finally, it injects an array of gadget addresses—small snippets of existing code—to mark the shellcode memory as executable and jump into it.

The vulnerability was discovered by Seunghyun Lee (0x10n), who won the Chrome RCE category at TyphoonPWN 2025 for this work. A patch has since been committed to address the nullability regression, reintroduce strict security checks in JSPI, and restore robust type safety in the V8 engine. Users are strongly advised to update to Chrome M137.0.7151.57 or later as soon as possible to mitigate this critical RCE risk.
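To act on the update advice above, the following added example (not code from the article or the referenced disclosure) triages a browser inventory against the two version boundaries the alert gives: the M135 introduction and the 137.0.7151.57 fix. The `host,version string` inventory format, the hostnames, the sample versions and the status names are constructed for illustration.

```python
import re

# Values taken from the alert text above.
INTRODUCED_MAJOR = 135                 # regression introduced in Chrome M135
FIXED_VERSION = (137, 0, 7151, 57)     # version the alert says to update to
_VERSION_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)\.(\d+)\b")

def parse_chrome_version(text):
    """Return the first four-part version in text as a tuple of ints, or None."""
    m = _VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def classify(version):
    """Triage one parsed version against the alert's version boundaries."""
    if version is None:
        return "unknown"
    if version >= FIXED_VERSION:
        return "patched"
    if version[0] >= INTRODUCED_MAJOR:
        return "vulnerable"
    # Older than M135: outside this regression, but still an outdated build.
    return "predates-regression"

def triage(inventory_lines):
    """Map 'host,version string' lines to {host: (version, status)}."""
    results = {}
    for line in inventory_lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        host, _, raw = line.partition(",")
        version = parse_chrome_version(raw)
        results[host.strip()] = (version, classify(version))
    return results

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    "# host,reported browser version",
    "ws-001,Google Chrome 137.0.7151.57",
    "ws-002,Google Chrome 136.0.7103.114",
    "ws-003,Google Chrome 137.0.7151.41",
    "ws-004,Google Chrome 134.0.6998.89",
    "ws-005,version not reported",
    "ws-006,138.0.7204.50",
]

if __name__ == "__main__":
    for host, (version, status) in triage(SAMPLE_INVENTORY).items():
        print(host, version, status)
```

Hosts reported as `unknown` need a manual check rather than being assumed safe, and `predates-regression` hosts should still be updated because they run an outdated build.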

Reference:

  • Google Chrome RCE Vulnerability Details Published Along With Exploit Code