“The Maglev compiler is a mid-tier JIT compiler used by v8. Compared to the top-tier JIT compiler, TurboFan, Maglev generates less optimized code but with a faster compilation speed” （Chrome 114 以降

daruyanagi のブックマーク 2023/10/18 08:50

<blockquote class="hatena-bookmark-comment"><a class="comment-info" href="https://b.hatena.ne.jp/entry/4743745644633718319/comment/daruyanagi" data-user-id="daruyanagi" data-entry-url="https://b.hatena.ne.jp/entry/s/github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler/" data-original-href="https://github.blog/2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler/" data-entry-favicon="https://cdn-ak2.favicon.st-hatena.com/64?url=https%3A%2F%2Fgithub.blog%2F2023-10-17-getting-rce-in-chrome-with-incomplete-object-initialization-in-the-maglev-compiler%2F" data-user-icon="/users/daruyanagi/profile.png">Getting RCE in Chrome with incomplete object initialization in the Maglev compiler</a><br><p style="clear: left">“The Maglev compiler is a mid-tier JIT compiler used by v8. Compared to the top-tier JIT compiler, TurboFan, Maglev generates less optimized code but with a faster compilation speed” （Chrome 114 以降</p><a class="datetime" href="https://b.hatena.ne.jp/daruyanagi/20231018#bookmark-4743745644633718319"><span class="datetime-body">2023/10/18 08:50</span></a></blockquote><script src="https://b.st-hatena.com/js/comment-widget.js" charset="utf-8" async></script>

このブックマークにはスターがありません。
最初のスターをつけてみよう！

Getting RCE in Chrome with incomplete object initialization in the Maglev compiler

github.blog2023/10/18

SecurityGetting RCE in Chrome with incomplete object initialization in the Maglev compilerIn this post, I'll exploit CVE-2023-4069, a type confusion in Chrome that allows remote code execution (RCE...

2 人がブックマーク・1 件のコメント

他のコメントを読む

＼コメントがサクサク読めるアプリです／

はてなブックマーク

Getting RCE in Chrome with incomplete object initialization in the Maglev compiler

はてなブックマーク

公式Twitter

はてなのサービス