Back to directory
WRITEUP #201

Universal Code Execution by Chaining Messages in Browser Extensions

XSSUniversal XSSSOP bypasspostMessageRCEBrowser extension hacking
by@spaceraccoonsec(Eugene Lim)
Program
-
Published
Jul 7, 2024
Added to HackDex
Jul 8, 2024
Read Full Writeuphttps://spaceraccoon.dev/universal-code-execution-browser-extensions/
RELATED WRITEUPS
From MLOps to MLOops: Exposing the Attack Surface of Machine Learning Platforms
AI / LLMAI
Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server!
RCEConfusion attack
Studying 0days: How we hacked Anki, the world's most popular flashcard app
RCEComponents with known vulnerabilities
We hacked Anki - 0 day exploit from studying someone elses flashcards
RCEComponents with known vulnerabilities
Evernote RCE: From PDF.js font-injection to All-platform Electron exposed ipcRenderer with listened BrokerBridge Remote-Code Execution
RCEXSS

Built with ❤️ by Shubham Rawat