Nebula Security

Publications

Research, write-ups,
and disclosure notes.

Long-form pieces on the vulnerabilities we've found, the tooling we built to find them, and the techniques we used to exploit them.

2026

June 29, 2026 chrome

Longinus: 2 Boundaries in One Bug, Piercing Chrome’s Renderer and V8 Sandbox with a Single Vulnerability, CVE-2026-6307

Chrome V8 JavaScript engine features a heap sandbox to prevent an attacker from writing outside of the sandbox region with only a vulnerability in their JavaScript engine. However, VEGA discovered a special bug in the JIT compiler that allows an attacker to gain arbitrary read/write primitives in sandbox and even escape the sandbox to write outside of it solely on its own. This writeup will cover the technical details of the vulnerability.

19 min read