<?xml version='1.0' encoding='UTF-8'?>
<?xml-stylesheet href="/static/style.xsl" type="text/xsl"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <id>https://vulnerability.circl.lu/sightings/feed</id>
  <title>Most recent sightings.</title>
  <updated>2026-07-13T05:57:10.420659+00:00</updated>
  <author>
    <name>Vulnerability-Lookup</name>
    <email>info@circl.lu</email>
  </author>
  <link href="https://vulnerability.circl.lu" rel="alternate"/>
  <generator uri="https://lkiesow.github.io/python-feedgen" version="1.0.0">python-feedgen</generator>
  <subtitle>Contains only the most 10 recent sightings.</subtitle>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/7df4d925-a29d-4a5b-adda-952319ced6be/export</id>
    <title>7df4d925-a29d-4a5b-adda-952319ced6be</title>
    <updated>2026-07-13T05:57:10.437810+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "7df4d925-a29d-4a5b-adda-952319ced6be", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2777", "content": "\ud83d\udd25 Chrome RCE PoC: CVE-2026-6307\n\nA working renderer RCE Proof of Concept for CVE-2026-6307 \u2014 a V8 type-confusion bug (JS-to-Wasm deoptimization) patched in Chrome 147.0.7727.101.\n\n\u2705 Full primitives (addrof/fakeobj, out-of-cage, in-cage r/w)  \n\u2705 No-ASLR RCE that patches JIT code to pop xcalc  \n\u2705 Based on Nebula Security writeup  \n\u2705 Heavily improved with frontier LLMs + human direction (4-day experiment)\n\nThis is renderer-only and still far from fully weaponized, but great for learning and research.\n\n\ud83d\udce5 PoC + scripts:  \nhttps://github.com/0xsha/CVE-2026-6307\n\n#Chrome #V8 #Exploit #CVE #SecurityResearch", "creation_timestamp": "2026-07-12T00:00:53.308735Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/7df4d925-a29d-4a5b-adda-952319ced6be/export"/>
    <published>2026-07-12T00:00:53.308735+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/fa950b6c-a7c4-4010-8d07-0f729d1803b9/export</id>
    <title>fa950b6c-a7c4-4010-8d07-0f729d1803b9</title>
    <updated>2026-07-13T05:57:10.440116+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "fa950b6c-a7c4-4010-8d07-0f729d1803b9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/2777", "content": "\ud83d\udd25 Chrome RCE PoC: CVE-2026-6307\n\nA working renderer RCE Proof of Concept for CVE-2026-6307 \u2014 a V8 type-confusion bug (JS-to-Wasm deoptimization) patched in Chrome 147.0.7727.101.\n\n\u2705 Full primitives (addrof/fakeobj, out-of-cage, in-cage r/w)  \n\u2705 No-ASLR RCE that patches JIT code to pop xcalc  \n\u2705 Based on Nebula Security writeup  \n\u2705 Heavily improved with frontier LLMs + human direction (4-day experiment)\n\nThis is renderer-only and still far from fully weaponized, but great for learning and research.\n\n\ud83d\udce5 PoC + scripts:  \nhttps://github.com/0xsha/CVE-2026-6307\n\n#Chrome #V8 #Exploit #CVE #SecurityResearch", "creation_timestamp": "2026-07-11T09:00:04.624481Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/fa950b6c-a7c4-4010-8d07-0f729d1803b9/export"/>
    <published>2026-07-11T09:00:04.624481+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/63e385e3-4208-4ddc-a0a5-665dee84acbb/export</id>
    <title>63e385e3-4208-4ddc-a0a5-665dee84acbb</title>
    <updated>2026-07-13T05:57:10.440202+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "63e385e3-4208-4ddc-a0a5-665dee84acbb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "seen", "source": "https://t.me/brutsecurity/2777", "content": "\ud83d\udd25 Chrome RCE PoC: CVE-2026-6307\n\nA working renderer RCE Proof of Concept for CVE-2026-6307 \u2014 a V8 type-confusion bug (JS-to-Wasm deoptimization) patched in Chrome 147.0.7727.101.\n\n\u2705 Full primitives (addrof/fakeobj, out-of-cage, in-cage r/w)  \n\u2705 No-ASLR RCE that patches JIT code to pop xcalc  \n\u2705 Based on Nebula Security writeup  \n\u2705 Heavily improved with frontier LLMs + human direction (4-day experiment)\n\nThis is renderer-only and still far from fully weaponized, but great for learning and research.\n\n\ud83d\udce5 PoC + scripts:  \nhttps://github.com/0xsha/CVE-2026-6307\n\n#Chrome #V8 #Exploit #CVE #SecurityResearch", "creation_timestamp": "2026-07-10T00:00:11.678919Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/63e385e3-4208-4ddc-a0a5-665dee84acbb/export"/>
    <published>2026-07-10T00:00:11.678919+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/c753522f-afc1-4452-8c8b-0efd9087b452/export</id>
    <title>c753522f-afc1-4452-8c8b-0efd9087b452</title>
    <updated>2026-07-13T05:57:10.440274+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "c753522f-afc1-4452-8c8b-0efd9087b452", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "seen", "source": "https://t.me/brutsecurity/2777", "content": "\ud83d\udd25 Chrome RCE PoC: CVE-2026-6307\n\nA working renderer RCE Proof of Concept for CVE-2026-6307 \u2014 a V8 type-confusion bug (JS-to-Wasm deoptimization) patched in Chrome 147.0.7727.101.\n\n\u2705 Full primitives (addrof/fakeobj, out-of-cage, in-cage r/w)  \n\u2705 No-ASLR RCE that patches JIT code to pop xcalc  \n\u2705 Based on Nebula Security writeup  \n\u2705 Heavily improved with frontier LLMs + human direction (4-day experiment)\n\nThis is renderer-only and still far from fully weaponized, but great for learning and research.\n\n\ud83d\udce5 PoC + scripts:  \nhttps://github.com/0xsha/CVE-2026-6307\n\n#Chrome #V8 #Exploit #CVE #SecurityResearch", "creation_timestamp": "2026-07-09T03:00:04.592434Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/c753522f-afc1-4452-8c8b-0efd9087b452/export"/>
    <published>2026-07-09T03:00:04.592434+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/b3fd604a-1aa2-4837-b20f-8d30034212f8/export</id>
    <title>b3fd604a-1aa2-4837-b20f-8d30034212f8</title>
    <updated>2026-07-13T05:57:10.440346+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "b3fd604a-1aa2-4837-b20f-8d30034212f8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "seen", "source": "https://bsky.app/profile/foursignalsdev.bsky.social/post/3mpjvibwvf22t", "content": "CVE-2026-6307: one V8 bug in Chrome\u2019s TurboFan JIT gives both heap read/write and sandbox escape. Present since Chrome 106, it exploits incorrect deopt metadata in JS-to-Wasm inlining. Patch now\u2014this single flaw bypasses V8\u2019s sandbox, a\u2026", "creation_timestamp": "2026-06-30T21:00:15.106889Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/b3fd604a-1aa2-4837-b20f-8d30034212f8/export"/>
    <published>2026-06-30T21:00:15.106889+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/809d9f47-d3e0-49a6-9ab9-317744dbacba/export</id>
    <title>809d9f47-d3e0-49a6-9ab9-317744dbacba</title>
    <updated>2026-07-13T05:57:10.440414+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "809d9f47-d3e0-49a6-9ab9-317744dbacba", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "seen", "source": "https://bsky.app/profile/crustytldr.bsky.social/post/3mph3brnxew25", "content": "\ud83d\udd12 Longinus: 2 Boundaries in One Bug, Piercing Chrome\u2019s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307\n\nNebula Security Research identified \"Longinus\" (CVE-2026-6...\n\nhttps://tinyurl.com/246rwbrx #CyberSecurity #InfoSec #CrustyTLDR", "creation_timestamp": "2026-06-29T18:05:59.438179Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/809d9f47-d3e0-49a6-9ab9-317744dbacba/export"/>
    <published>2026-06-29T18:05:59.438179+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/19b4d787-e6c9-41a9-8316-68bae0cf6432/export</id>
    <title>19b4d787-e6c9-41a9-8316-68bae0cf6432</title>
    <updated>2026-07-13T05:57:10.440487+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "19b4d787-e6c9-41a9-8316-68bae0cf6432", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "seen", "source": "https://bsky.app/profile/lobsters-feed.bsky.social/post/3mpgt4u7af42m", "content": "Longinus: 2 Boundaries in One Bug, Piercing Chrome\u2019s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307 https://lobste.rs/s/uaoe9y #security #web ", "creation_timestamp": "2026-06-29T15:40:04.714735Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/19b4d787-e6c9-41a9-8316-68bae0cf6432/export"/>
    <published>2026-06-29T15:40:04.714735+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/59bd3b67-c325-43ff-a53a-0678f75e3ea0/export</id>
    <title>59bd3b67-c325-43ff-a53a-0678f75e3ea0</title>
    <updated>2026-07-13T05:57:10.440556+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "59bd3b67-c325-43ff-a53a-0678f75e3ea0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "seen", "source": "https://bsky.app/profile/news.karthihegde.dev/post/3mpgr3yiled2w", "content": "Longinus: 2 Boundaries in One Bug, Piercing Chrome\u2019s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307\nDiscussion | lobsters | Author: devgianlu", "creation_timestamp": "2026-06-29T15:03:56.452339Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/59bd3b67-c325-43ff-a53a-0678f75e3ea0/export"/>
    <published>2026-06-29T15:03:56.452339+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/6065eaa8-25ab-47bc-96e0-a9400747d40c/export</id>
    <title>6065eaa8-25ab-47bc-96e0-a9400747d40c</title>
    <updated>2026-07-13T05:57:10.440621+00:00</updated>
    <author>
      <name>Automation user</name>
      <uri>https://cvepremium.circl.lu/user/automation</uri>
    </author>
    <content>{"uuid": "6065eaa8-25ab-47bc-96e0-a9400747d40c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-6307", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnpxs5xii22i", "content": "\ud83d\udccc CVE-2026-6307 - Type Confusion in Turbofan in Google Chrome prior to 147.0.7727.101 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted... https://www.cyberhub.blog/cves/CVE-2026-6307", "creation_timestamp": "2026-06-07T20:07:08.651076Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/6065eaa8-25ab-47bc-96e0-a9400747d40c/export"/>
    <published>2026-06-07T20:07:08.651076+00:00</published>
  </entry>
  <entry>
    <id>https://vulnerability.circl.lu/sighting/1b27350f-2265-447d-a3f1-669151503480/export</id>
    <title>1b27350f-2265-447d-a3f1-669151503480</title>
    <updated>2026-07-13T05:57:10.440679+00:00</updated>
    <author>
      <name>Joseph Lee</name>
      <uri>https://cvepremium.circl.lu/user/syspect</uri>
    </author>
    <content>{"uuid": "1b27350f-2265-447d-a3f1-669151503480", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-6307", "type": "seen", "source": "https://www.hkcert.org/security-bulletin/chromeos-multiple-vulnerabilities_20260428", "content": "", "creation_timestamp": "2026-04-27T20:00:00.000000Z"}</content>
    <link href="https://vulnerability.circl.lu/sighting/1b27350f-2265-447d-a3f1-669151503480/export"/>
    <published>2026-04-27T20:00:00+00:00</published>
  </entry>
</feed>
