Full title: Google Chrome RCE + Sandbox Escape 0day Exploit Category: remote exploits Platform: windows 1. Item name: Google Chrome RCE + Sandbox Escape 0day Exploit 2. Affected OS : Windows 10 3. Vulnerable Target application versions and reliability. If 32 bit only, is 64 bit vulnerable? The vulnerability is present in the 32-bit and 64-bit versions of Google Chrome. With this vulnerability, you can Remote Code Execute and Sandbox Escape in the target system. 4. Tested, functional against target application versions, list complete point release range. Tested on Google Chrome 50.0.2661 (x86 & x64) and up to last versions, Windows 10 x86 & x64 (1507 up to 1703). 5. Does this exploit affect the current target version? [X] Yes [ ] No 6. Privilege Level Gained [ ] As logged in user (Select Integrity level below for Windows) [ ] Web Browser's default (IE - Low, Others - Med) [ ] Low [X] Medium [ ] High [ ] Root, Admin or System [ ] Ring 0/Kernel 7. Minimum Privilege Level Required For Successful PE [X] As logged in user (Select Integrity level below for Windows) [ ] Low [ ] Medium [ ] High 8. Exploit Type (select all that apply) [X] Remote code execution [ ] Privilege escalation [ ] Font based [X] Sandbox escape [ ] Information disclosure (peek) [ ] Code signing bypass [ ] Persistency 9. Delivery Method [X] Via web page [ ] Via file [ ] Via network protocol [ ] Local privilege escalation 10. Bug Class [X] memory corruption [ ] design/logic flaw (auth-bypass / update issues) [ ] input validation flaw (XSS/XSRF/SQLi/command injection, etc.) [ ] misconfiguration [ ] information disclosure [ ] cryptographic bug [ ] denial of service 11. Exploitation Parameters [X] Bypasses ASLR [X] Bypasses DEP / W ^ X [ ] Bypasses SMEP/PXN [X] Bypasses EMET Version 5.52± [ ] Bypasses CFG (Win 8.1) 12. Does it require additional work to be compatible with arbitrary payloads? [X] Yes [ ] No # 0day.today @ http://0day.today/