EXODUS BLOG

Month: May 2019

Pwn2Own 2019: Microsoft Edge Sandbox Escape (CVE-2019-0938). Part 2

MAY 27, 2019

By Arthur Gerkis This is the second part of the blog post on the Microsoft Edge full-chain exploit. It provides analysis and describes exploitation of a logical vulnerability in the implementation of the Microsoft...

Pwn2Own 2019: Microsoft Edge Renderer Exploitation (CVE-2019-0940). Part 1

MAY 19, 2019

By Arthur Gerkis This year Exodus Intelligence participated in the Pwn2Own competition in Vancouver. The chosen target was the Microsoft Edge browser and a full-chain browser exploit was successfully demonstrated. The exploit consisted of...

Windows Within Windows – Escaping The Chrome Sandbox With a Win32k NDay

MAY 17, 2019

This post explores a recently patched Win32k vulnerability (CVE-2019-0808) that was used in the wild with CVE-2019-5786 to provide a full Google Chrome sandbox escape chain. Overview On March 7th 2019, Google came out...