add vuln chromium

xanhacks · Nov 3, 2023 · 79c5497 · 79c5497
1 parent f6a69b4
commit 79c5497
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 0 deletions.
diff --git a/content/en/docs/getting-started/vulnerability-reports.md b/content/en/docs/getting-started/vulnerability-reports.md
@@ -40,6 +40,7 @@ toc: true
 - [Article - Shadow DOM data exfiltration](https://blog.ankursundara.com/shadow-dom/) & [CTF - shadow](https://github.com/Super-Guesser/ctf/blob/master/2022/dicectf/shadow.md)
 - [Article - The great SameSite confusion](https://jub0bs.com/posts/2021-01-29-great-samesite-confusion/)
 - [Article - CSP bypass on Wordpress using SOME](https://octagon.net/blog/2022/05/29/bypass-csp-using-wordpress-by-abusing-same-origin-method-execution/)
+- [Article - XSS with bypass on ProtonMail webclient](https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/)
 
 ## Server-Side
 

diff --git a/content/en/docs/others/browser-exploit.md b/content/en/docs/others/browser-exploit.md
@@ -23,3 +23,12 @@ chrome.exe --remote-debugging-port=9222
 - [WriteUp ctf-screenshotter](https://github.com/LiveOverflow/ctf-screenshotter/blob/solution/DO_NOT_ACCESS/README.md)
 - [Chrome DevTools Protocol](https://chromedevtools.github.io/devtools-protocol/)
 - Local File Inclusion: `http://localhost:9222/json/new?view-source:file:///etc/passwd`
+
+## Vulnerabilities
+
+### Chromium
+
+#### Arbitrary file reading
+
+- [Issue 1458911: Security: Libxslt arbitrary file reading using document() method and external entities.](https://bugs.chromium.org/p/chromium/issues/detail?id=1458911)
+- Version: Chrome <= 116.0.5845.0