browser-exploitation-v8
Community
Guide: V8 JIT bugs to renderer RCE.
Category: Software Engineering
Tags: browser security, wasm, v8, memory corruption, type confusion, jit exploitation, sandbox escape
Author: lNwNl
Version: 1.0.0
Installs: 0
System Documentation
What problem does it solve?
It helps security researchers reason about and plan exploitation chains for JavaScript engines, specifically V8 and Chrome renderer escape paths, when working with JIT type confusion, bounds-check elimination mistakes, and sandbox bypass steps.
Core Features & Use Cases
- V8 architecture walkthrough: maps the compilation/optimization pipeline and key runtime concepts (maps, elements kinds, pointer compression, GC behavior).
- Bug-class to primitive mapping: translates common V8 vulnerability classes into exploitation primitives like addrof, fakeobj, and OOB read/write.
- Sandbox and Chrome escape overview: explains how V8 sandbox cage constraints affect ArrayBuffer/WASM strategies and what kinds of browser-process escape conditions are typically needed.
- Practical decision framework: provides a decision tree for choosing exploitation paths based on identified bug type and whether the sandbox is enabled.
Quick Start
Ask the AI to produce a step-by-step exploitation plan for a discovered V8 JIT type confusion bug, including the expected primitives and how pointer compression/sandbox constraints change the chain.
Dependency Matrix
Required Modules: None required
Components: references
💻 Claude Code Installation
Recommended: Let Claude install automatically. Simply copy and paste the text below to Claude Code.
Please help me install this Skill:
Name: browser-exploitation-v8
Download link: https://github.com/lNwNl/Methodos/archive/main.zip#browser-exploitation-v8
Please download this .zip file, extract it, and install it in the .claude/skills/ directory.