Attack of the clones: Getting RCE in Chrome’s renderer with duplicate object properties


Source: The GitHub Blog

In this post, I’ll exploit CVE-2024-3833, an object corruption bug in V8, the JavaScript engine of Chrome, that allows remote code execution (RCE) in the renderer sandbox of Chrome by a single visit to a malicious site.