General Research

Out of Shift: How a Shared State Bug in V8’s AsmJS Parser Broke the Ubercage

JUNE 22, 2026

By Chanh Pham Overview In this blog post we take a look at a vulnerability patched in a Chrome release on 3rd March 2026 and assigned CVE-2026-3542. The vulnerability arose from a flaw in state management...

Read More

Zombie COTables: Resurrecting Freed Memory to Escape VirtualBox

JUNE 15, 2026

By Luca Ginex Overview This blog post discusses a use-after-free vulnerability that we found in VirtualBox in 2025. This vulnerability was patched on Oracle Critical Patch Update – January 2026. The vulnerability was also presented,...

Read More

Off By !: Exploiting a Use-after-Free in the Linux Kernel

JUNE 8, 2026

By Oliver Sieber Overview In this blog post, we discuss a use-after-free vulnerability that we found in the nftables subsystem of the Linux kernel in early 2025. This vulnerability was patched upstream on 5 February 2026...

Read More

Adobe Acrobat Reader Escript.api Use-After-Free Remote Code Execution

JUNE 1, 2026

By Michele Campa Overview In this blog post we take a look at a use-after-free vulnerability found in Adobe Acrobat Reader’s Escript.api module in February 2025. This issue was patched on April 2026 and...

Read More

Microsoft Windows Cloud Files Minifilter TOCTOU Privilege Escalation

OCTOBER 20, 2025

By Michele Campa Overview In this blog post we take a look at a race condition we found in Microsoft Windows Cloud Minifilter (i.e. cldflt.sys) in March 2024. This vulnerability was patched in October...

Read More

Oops Safari, I think You Spilled Something!

AUGUST 4, 2025

Overview In February 2023, researchers at Exodus Intelligence discovered a bug in the Data Flow Graph (DFG) compiler of WebKit, the browser engine used by Safari. This bug, CVE-2024-44308, was patched by Apple in...

Read More

Windows Sockets: From Registered I/O to SYSTEM Privileges

DECEMBER 2, 2024

By Luca Ginex Overview This post discusses CVE-2024-38193, a use-after-free vulnerability in the afd.sys Windows driver. Specifically, the vulnerability is in the Registered I/O extension for Windows sockets. The vulnerability was patched in the...

Read More

Mind the Patch Gap: Exploiting an io_uring Vulnerability in Ubuntu

MARCH 27, 2024

By Oriol Castejón Overview This post discusses a use-after-free vulnerability, CVE-2024-0582, in io_uring in the Linux kernel. Despite the vulnerability being patched in the stable kernel in December 2023, it wasn’t ported to Ubuntu kernels for over...

Read More

Google Chrome V8 CVE-2024-0517 Out-of-Bounds Write Code Execution

JANUARY 19, 2024

By Javier Jimenez and Vignesh Rao Overview In this blog post we take a look at a vulnerability that we found in Google Chrome’s V8 JavaScript engine a few months ago. This vulnerability was patched...

Read More

Safari, Hold Still for NaN Minutes!

DECEMBER 11, 2023

By Vignesh Rao and Javier Jimenez Introduction In October 2023 Vignesh and Javier presented the discovery of a few bugs affecting JavaScriptCore, the JavaScript engine of Safari. The presentation revolved around the idea that browser research is...

Read More