PwnTips
diff --git a/‎_posts/2025-08-03-CVE-2025-6554.md‎
Lines changed: 7 additions & 1 deletion b/‎_posts/2025-08-03-CVE-2025-6554.md‎
Lines changed: 7 additions & 1 deletion
diff --git a/‎Pasted image 20250803012420.png‎ ‎…s/images/Pasted image 20250803012420.png‎Pasted image 20250803012420.png renamed to assets/images/Pasted image 20250803012420.png b/‎Pasted image 20250803012420.png‎ ‎…s/images/Pasted image 20250803012420.png‎Pasted image 20250803012420.png renamed to assets/images/Pasted image 20250803012420.png
@@ -1,12 +1,18 @@
 
+---
+layout: post
+title: CVE-2025-6554 分析
+tags:
+---
+
 好久没有分析过 v8 漏洞了，挑一个比较新的，体验一下 2025 年利用 v8 漏洞的难度，看看最近几年有没有增加新的安全特性。
 
 尝试 google 搜索一个比较新的但是又有一些资料的 v8 漏洞，发现了 https://ti.qianxin.com/blog/articles/a-brief-analysis-of-chrome-0day-cve-2025-6554-en/ 这篇，读了个开头，就找到了 DARKNAVY 发布的 POC https://github.com/DarkNavySecurity/PoC/blob/main/CVE-2025-6554/poc.js 。这样就有足够的信息可以先开始我自己的分析了，等卡住的时候，再回去看别人的分析。
 
 先构造环境复现漏洞，根据 Chrome 发版记录，找到漏洞修复的版本在 , 那么前一个发版是 https://chromereleases.googleblog.com/2025/06/stable-channel-update-for-desktop_24.html `138.0.7204.49/50`
 
 从 https://chromiumdash.appspot.com/releases?platform=Windows 找到对应的备份
-![[Pasted image 20250803012420.png]]
+![](/assets/images/Pasted%20image%2020250803012420.png)
 https://commondatastorage.googleapis.com/chromium-browser-snapshots/index.html?prefix=Win_x64/1465706/
 
 源码也切换到对应的 tag https://chromium.googlesource.com/chromium/src/+/refs/tags/138.0.7204.50