RedpwnCTF 2021 Chromium SBX Tasks Writeup (Empires and Deserts)

This report is a CTF writeup describing a Chromium sandbox-escape vulnerability in Mojo-serialised structs that allows OOB/uninitialized reads and leaking of an UnguessableToken to trigger a backdoor mapping RWX memory and execute shellcode; the author explains the buggy structs, exploitation strategy, mojojs binding changes, and demonstrates a working exploit in the challenge environment.