Google Chrome RCE Flaw Details Leak

October 8, 2025

Researchers have published the full technical details and exploit code for a critical remote code execution (RCE) vulnerability in Google Chrome’s V8 JavaScript engine. The flaw, an improper nullability check introduced in Chrome M135, allows attackers to craft two recursive type groups that share the same hash value. The exploit mounts a birthday attack on type canonicalization to achieve nullability confusion on indexed reference types, which undermines core Wasm type safety.

The attack leverages a novel V8 sandbox bypass using flaws in JavaScript Promise Integration (JSPI) state-switching. According to SSD Secure Disclosure, an attacker can abuse a confusion in the secondary stack management logic to pivot execution between nested JS and Wasm stacks. By skipping inactive stacks and injecting attacker-controlled values, the exploit gains full stack control and builds a return-oriented programming chain to invoke the VirtualProtect function on a read-write-execute (RWX) shellcode buffer. This effectively allows the attacker to run their own code.

The publicly released proof-of-concept includes an HTML payload and accompanying JavaScript that generates specific Wasm types and functions. When deployed, the exploit spawns a Windows calculator process by using a specially crafted ROP chain and RWX shellcode. The exploit script first enumerates two Wasm recursive type groups, differing only in their nullability, and then uses a birthday attack to find a collision among their hash values.

Next, the exploit casts a null reference into a non-null one, which grants a read/write primitive by abusing out-of-bounds access to a large ArrayBuffer. The exploit then constructs nested promise-based Wasm exports to force stack switches and abuses a missing security check to skip an inactive stack frame. This gives the attacker control over the execution context. Finally, it injects an array of gadget addresses—small snippets of existing code—to mark the shellcode memory as executable and jump into it.

The vulnerability was discovered by Seunghyun Lee (0x10n), who won the Chrome RCE category at TyphoonPWN 2025 for this work. A patch has since been committed to address the nullability regression, reintroduce strict security checks in JSPI, and restore robust type safety in the V8 engine. Users are strongly advised to update to Chrome M137.0.7151.57 or later as soon as possible to mitigate this critical RCE risk.
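
Why the nullability check matters can be seen in miniature. The following JavaScript is an added example, not code from V8, the researcher or the published proof-of-concept: a toy interning table that compares an equality check ignoring nullability with one that enforces it. The 8-bit hash and all names (`hash8`, `makeCanonicalizer`, `findCollision` and the rest) are assumptions made for the illustration.

```javascript
// Toy model of hash-based type canonicalization (added example, not V8 code).
const FIELDS = 10; // a "type group" is the nullability pattern of 10 reference fields

// Deliberately tiny 8-bit hash (assumption for the demo): 1024 candidate
// groups into 256 values guarantees a collision by the pigeonhole principle.
function hash8(group) {
  let h = 0x9e;
  for (const nullable of group) h = (h * 31 + (nullable ? 7 : 3)) & 0xff;
  return h;
}

const groupFromBits = (bits) => Array.from({ length: FIELDS }, (_, i) => ((bits >> i) & 1) === 1);

// Equality run after a hash hit: flawed compares shape only, strict also nullability.
const equalFlawed = (a, b) => a.length === b.length;
const equalStrict = (a, b) => a.length === b.length && a.every((n, i) => n === b[i]);

// Interning table: hash -> [{ group, id }]. Returns the canonical type id.
function makeCanonicalizer(equal) {
  const buckets = new Map();
  let nextId = 0;
  return (group) => {
    const h = hash8(group);
    if (!buckets.has(h)) buckets.set(h, []);
    const hit = buckets.get(h).find((e) => equal(e.group, group));
    if (hit) return hit.id;
    buckets.get(h).push({ group, id: nextId });
    return nextId++;
  };
}

// Enumerate patterns until two different ones share a hash value.
function findCollision() {
  const seen = new Map();
  for (let bits = 0; bits < 1 << FIELDS; bits++) {
    const g = groupFromBits(bits), h = hash8(g);
    if (seen.has(h)) return [seen.get(h), g];
    seen.set(h, g);
  }
  return null;
}

// True when the canonicalizer gives both colliding groups the same type id.
function mergesCollidingGroups(equal) {
  const [a, b] = findCollision();
  const canon = makeCanonicalizer(equal);
  return canon(a) === canon(b);
}

console.log(mergesCollidingGroups(equalFlawed), mergesCollidingGroups(equalStrict));
```

The hash only narrows the candidates; the equality check that follows it is what has to enforce nullability, which is the property the patch restores.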

Reference:

  • Google Chrome RCE Vulnerability Details Published Along With Exploit Code