Streaming: https://mssvideo.vcu.edu/RVAsec
Tuesday, June 4 • 1:00pm - 1:50pm
Some Assembly Required: Weaponizing Chrome CVE-2023-2033 for RCE in Electron


This presentation discusses the development of a remote code execution (RCE) exploit for CVE-2023-2033. CVE-2023-2033 is an N-day type confusion vulnerability affecting Google Chrome for Windows, Mac, and Linux that lets an attacker exploit the Chrome V8 engine to cause heap corruption via a crafted HTML page and gain RCE. Prior to this presentation, a public RCE exploit for this vulnerability did not exist. The exploit is based on publicly available proof-of-concept code that uses this vulnerability to implement V8 heap read/write/addrof primitives. The presentation focuses on weaponizing these primitives to achieve remote code execution consistently on an unsandboxed renderer process of an Electron version running a vulnerable version of Chrome. It covers methods to hijack the renderer process instruction pointer and to write and execute specially encoded chunks of shellcode using these primitives.

Speakers
Nick Copi

AppSec Engineer, CarMax
Nick Copi, an application security engineer at CarMax, seamlessly balances his professional role with a fervent pursuit of security research. From architecting full-stack web applications to spearheading innovative security initiatives at CarMax, Nick's diverse background enriches...


Tuesday June 4, 2024 1:00pm - 1:50pm EDT
Ballroom A/B