Browser Hacking | writeups.xyz

Title	Vulnerabilities	Programs	Authors
Exploiting Steam: Usual and Unusual Ways in the CEF Framework	Browser Hacking Thick Client RCE OS Command Injection Arbitrary File Read Arbitrary File Creation Components With Known Vulnerabilities	Valve (Steam) Google (Chromium)	DARKNAVY (@DarkNavyOrg)
CVE-2024-2887: A Pwn2Own Winning Bug In Google Chrome	V8 JavaScript Engine WebAssembly JS Sandbox Breakout Browser Hacking Memory Corruption RCE	Google (Chrome) Microsoft (Edge)	Manfred Paul (@_Manfp)
Bypassing browser tracking protection for CORS misconfiguration abuse	CORS Misconfiguration Browser Hacking	Mozilla (Firefox) Apple (Safari)	Nikita Sveshnikov
CVE-2023-5480: Chrome new XSS Vector	XSS Logic Flaw Browser Hacking	Google (Chrome & Chromium)	Vsevolod Kokorin (Slonser_)
“MyFlaw” — Cross Platform 0-Day RCE Vulnerability Discovered in Opera’s Browser	RCE CSP Bypass Browser Extension Hacking Browser Hacking	Opera	Oleg Zaytsev
Uncovering a crazy privilege escalation from Chrome extensions	XSS Browser Hacking	Google (Chrome, ChromeOS)	Derin Eryılmaz (@Deryilz)
CVE-2022-4908: SOP bypass in Chrome using Navigation API	SOP Bypass Browser Hacking OAuth	Google (Chrome & Chromium)	Johan Carlsson (@Joaxcar)
Shifting boundaries: Exploiting an Integer Overflow in Apple Safari	Integer Overflow Memory Corruption Browser Hacking	Apple	Vignesh Rao
Discovering Headroll (CVE-2023–0704) in Chromium	SOP Bypass Browser Hacking	Google (Chromium)	Rhys Elsmore (@Rhyselsmore) Zac Sims
Hacking the Nintendo DSi Browser	Memory Corruption Use-After-Free Browser Hacking	Nintendo	Nathan Farlow (@0x1337cafe)
How Browser’s Save As Feature might lead to Code Execution (CVE-2022–45415)	RCE Browser Hacking	Mozilla (Firefox)	Jayateertha Guruprasad (@JayateerthaG)
Google Chrome “SymStealer” Vulnerability: How to Protect Your Files from Being Stolen	Local Privilege Escalation Browser Hacking Symbolic Link Following	Google (Chrome & Chromium)	Ron Masas (@RonMasas)
Chromium: Same Origin Policy bypass within a single site a.k.a. "Google Roulette"	SOP Bypass Browser Hacking	Google (Chromium)	Michał Bentkowski (@SecurityMB)
Jit-Picking: Differential Fuzzing of JavaScript Engines	Browser Hacking	Mozilla	Lukas Bernhard (@Bernhl) Tobias Scharnowski (@ScepticCtf) Moritz Schloegel (@M_u00d8)
Safari is hot-linking images to semi-random websites	Browser Hacking XSS	Apple	Gareth Heyes (@Garethheyes)
Guest Blog Post - Memory corruption vulnerabilities in Edge	Browser Hacking Memory Corruption Use-After-Free Out-of-Bounds Read Out-of-Bounds Write	Microsoft	David Erceg (@David_erceg)
Step-by-Step Walkthrough of CVE-2022-32792 - WebKit B3ReduceStrength Out-of-Bounds Write	Memory Corruption Browser Hacking Out-of-Bounds Write	Apple	Daniel Lim (@Daniellimws) Đỗ Minh Tuấn (@Tuanit96)
But You Told Me You Were Safe: Attacking The Mozilla Firefox Renderer (Part 1)	Browser Hacking RCE Prototype Pollution	Mozilla	Hossein Lotfi (@Hosselot) Manfred Paul (@_Manfp)
A Story of a Bug Found Fuzzing	Browser Hacking Memory Corruption	Google Microsoft	Abdulrhman Alqabandi (@Qab)
Extracting Clear-Text Credentials Directly From Chromium’s Memory	Browser Hacking	Google (Chromium)	Zeev Ben Porat
CVE-2022-0337 System environment variables leak on Google Chrome, Microsoft Edge and Opera	Browser Hacking	Google Microsoft Opera	Maciej Pulikowski (@Pulik_io)
webOS Revisited - Even More Mistaken Identities	Local Privilege Escalation Browser Hacking	LG	Andreas Lindh (@Addelindh)
Hacking the Apple Webcam (again)	Universal XSS Browser Hacking	Apple	Ryan Pickren
Exploitation Of CVE-2021-21220 – From Incorrect JIT Behavior To RCE	Browser Hacking Memory Corruption RCE	Google Microsoft	Bruno Keith (@Bkth_) Niklas Baumstark(@_niklasb)
Play The Opera Please	Browser Hacking	Opera	Dhiraj (@RandomDhiraj)

Page 1 of 2