Note: In chrome, this is not a new vulnerability, it was patched (roll-up commit) in March 2023. This PoC targets only chrome headless mode. However, I think it's an interesting read if you want to explore some internals and see the exploitation on PartitionAlloc when you have a small slot_size xD
Author: Altin (tin-z)
Env:
- commit a7a083d
- ubuntu 20/24
Table of contents:
- analysis and exploitation writeup
- poc_rce
- poc_leak
- tests
- https://github.com/tin-z/PartitionAlloc_gdb
python font_gen_POC.py
cp poc.ttf poc_rce/

