Trying to port some Chrome 118 renderer proof-of-concepts to arm64:
- In-sandbox read/write using CVE-2024-0517 exploit from bnovkebin / Exodus
- V8 Sandbox bypass using CVE-2024-2887 exploit from _manfp
- Some custom arm64 shellcode.
Doesn't work yet: it runs in Electron v27.2.0 on arm64, but only once, and doesn't work after a refresh. It doesn't work on the Chrome 118-based browser on the Amazon Echo Show 5.
Serve the exploit directory and launch Electron against the page:

```
cd exploits && npx http-server -c-1
electron-v27.2.0/electron --enable-logging=stderr --js-flags="--allow-natives-syntax" http://localhost:8080/bnovkebin.html
```