One Article Review
| Source |  RedTeam PL |
|---|---|
| Identifiant | 1798887 |
| Date de publication | 2019-12-06 20:29:30 (vue: 2020-07-09 15:05:43) |
| Titre | Google Chrome portal element fuzzing |
| Texte | BackgroundSome time ago, while browsing my Twitter feed I stumbled upon an interesting tweet from MichaĆ Bentkowski [https://twitter.com/SecurityMB/status/1127963181089992705]. The description of the new portal element certainly grabbed my attention as something that may have an impact on security. You can learn more about the portal element from here [https://web.dev/hands-on-portals] and here [https://wicg.github.io/portals/]. At the moment of writing this article the portal element is still behind a flag (#enable-portals), however it is available in the Google Chrome |
| Envoyé | Oui |
| Condensat | #enable $8000 checksum: file 01 02 03 04 05 06 07 08 09 0:000> 0a setupi this /portal 0 filedescription: 0 fileversion: 0 file 0 product 00000000 00000000 translations: 00000000`00000000 00000000`00000008 00000000`0000032d 00000000`00000595 00000000`00003dff 00000036`653fdfe0 00000036`653fe330 00000036`653fe630 00000036`653fe690 00000036`653fe750 00000036`653fe850 00000036`653fea10 00000036`653feaa0 00000036`653feb60 00000036`653febb0 00000036`653fec00 00000036`653fec60 00000036`653fec68 00000036`653fee40 00000100`00001402 000001d5`229cb170 000001d5`229cdee0 000001d5`229eff80 000001d5`229f7fd0 000001d5`22a87f80 000001d5`2b848fd0 000001d5`58fb4fd0 00000781`02de8191 00007ffd`c71750a9 00007ffd`c7179f54 00007ffd`c71afc6e 00007ffd`c71b02c6 00007ffd`c71b0471 00007ffd`c71b070a 00007ffd`c71b3502 00007ffd`c71b8dde 00007ffd`c71d50c7 00007ffd`c7227654 00007ffd`c742c488 00007ffd`c745e65b 00007ffd`c7993f6b 00007ffd`c7dba8c2 00007ffd`c7dba8c5 00007ffd`c7dba8c8 00007ffd`c7dba8d4 00007ffd`c82f4588 00007ffd`c8a23e0a 00007ffd`c8a23e81 00007ffd`ca06327b 00007ffd`ca9bb9d0 00007ffd`caa33dc8 00007ffd`caa33de0 00007ffd`cadd4000 00007ffd`fe1a63ec 00007ffd`fe1a6ae0 00007ffd`fe1a9f10 00007ffd`fe1aa059 0000e5ca`84b239d5 03b68a96 imagesize: 03c64000 file 0409 04b0 information 07:00:00 0:000> 131cc 143 14d34 167 176 2019 218 221 29th 365 369 3800 3804 3806 3941 466 4889c1 4889d9 4889da 488b01 488b38 500 5cecc050 641 918 :00007ffd`c7dba8bf ::channelassociatedgroupcontroller::acceptonproxythread+0x84 ;document ;function ;jshelpers ;portal ;settimeout ;tagattributes ;var >::runonce+0x41 >body>html>this about access act activate activatethe actually add added ae2d5ecf90ef44374c4c44205044422e1 affected after ago all already also analysis annotator any app file apparently appdata appendchild application are args around article attention available awarded backgroundsome base base::internal::invoker base::messagepumpforui::dorunloop+0xc4 base::messagepumpwin::run+0x4e base::runloop::runwithtimeout+0x1ae base::sequence base::taskannotator::runtask+0x122 behind bentkowski bind bit blink blink::mojom::portalstubdispatch::accept+0xd7 blog body bootstrap bounty browser browsing buffer bug build but c0000005 call call can canary case cases certainly chance child choose chrome chrome internalname: chrome legalcopyright: chromebrowse chromium clang code com com/googleprojectzero/domato com/securitymb/status/1127963181089992705 common content content::navigationcontroller::loadurlparams::~loadurlparams content::portal::navigate content::portal::navigate+0x45 content::portal::navigate+0x45:00007ffd`c7dba8bf content::xxx::xxxthe controller copyright cores course crash crashes createelement currently data timestamp: date: days debuggers decided demonstrate dereferences description details dev dev/hands development didn different disclosure dll dll originalfilename: dll productversion: dll browse dll image document domato done ds:000001d5`37b406f0= ds=002b duplicate during e8ac1b67ff early easy efl=00010200chrome element end es=002b even extends fast feed ff5020 ff9798000000 file file: files find first fixed flag flags: following found free from fs=0053 full functions fuzzer fuzzer:common fuzzers fuzzing gen generator getting github global good google grabbed grammar gs=002b had has have heap height:100 here hour hours however html htmlportalelement https: |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.