Chrome Array Transfer Bypass

The fix for CVE-2021-21148 has added a check in |ValueSerializer::WriteJSArrayBuffer| to make sure non-detachable array buffers cannot be transferred. The check can be bypassed with the help of asm.js and property getters.


MD5 | 2c54899cf0b5cf9ab027a5329061b62e


Related Posts