Skip to content
FileReader Exploit
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
README.md Exploit by Istvan Kurucsai Mar 20, 2019
exploit.html Exploit by Istvan Kurucsai Mar 20, 2019
exploit.js Exploit by Istvan Kurucsai Mar 20, 2019
iframe.html Exploit by Istvan Kurucsai Mar 20, 2019
worker.js Exploit by Istvan Kurucsai Mar 20, 2019

README.md

CVE-2019-5786 Chrome 72.0.3626.119 stable FileReader UaF exploit for Windows 7 x86.

This exploit uses site-isolation to brute-force the vulnerability. iframe.html is the wrapper script that loads the exploit, contained in the other files, repeatedly into an iframe.

  • host iframe.html on one site and exploit.html, exploit.js and wokrer.js on another. Change line 13 in iframe.html to the URL of exploit.html
  • start chrome with the --no-sandbox argument
  • navigate to iframe.html
You can’t perform that action at this time.