Three sources were used to gather the dataset:
- In-line PoC payloads on public V8 bug reports.
- Attachments on V8 bug reports.
- Where no PoC was uploaded to the bug report, the regress/stress testcase that was added to the V8 codebase for that bug report.
The following Chromium Bug Tracker search queries were useful in finding vulnerabilities that may contain PoCs:
Find Bug Reports with In-line PoC Payloads:
Find Bug Reports with PoC Attachments, or Links to External PoCs:
Using this approach, we have managed to gather a large set of PoCs from both external researchers and ClusterFuzz.
Note: This is not an exhaustive list. We have ignored duplicates and low-severity bugs, and there are likely bugs that we have missed.
2021-06-05 00:00 +0000