Lan Vu 🇻🇳

107 posts

Lan Vu 🇻🇳

@lanleft_

she/her | coffee delivery at Qrious Secure @qriousec |

Vietnam Katılım Eylül 2019

483 Takip Edilen1.6K Takipçiler

Lan Vu 🇻🇳@lanleft_·3d

Cứ khóc đi khóc đi, đừng ngại ngùng 🤧

Qrious Secure@qriousec

The released firefox 150.0.3 today has killed our renderer exploit component, since only 1 day left we have no choice but withdrawal our entry.Kudos to our teammate @trichimtrich , @lanleft_ and @wiz1340 for their hard works that created 2 fullchains work flawlessly from firefox 147-150.0.2 ( 4m+ alive) but was being killed one week and 1 day before the event Good luck for the rest of participants! And thanks everyone for wishing us luck 🙏 Like usual, we will share writeup in future when the affected version is irrelevant, Cheers!

Tiếng Việt

6.5K

Lan Vu 🇻🇳 retweetledi

Qrious Secure@qriousec·5d

We’ve been through all kinds of situations: exploits failing, vendors turning off services during demos, patches being released the night before a demo, and more but we happily accepted and continue to play. And if you don’t participate in the game, who cares about your opinion?

English

3.9K

Lan Vu 🇻🇳 retweetledi

Qrious Secure@qriousec·8 May

Firefox x Mythos fixed 423 bugs in April. They released stable 150.0.2! youtu.be/exkq427zKRU?si… via @YouTube

YouTube

English

15.6K

Lan Vu 🇻🇳 retweetledi

Qrious Secure@qriousec·22 Nis

Despite 271 bugs massacred by Anthropic, our renderer rce and sbx escape alive and well ready unless there is sudden patch before p2o ( mean we dont have enough time for prepare new one ) - wish us luck! blog.mozilla.org/en/privacy-sec…

English

376

76.6K

Lan Vu 🇻🇳 retweetledi

Qrious Secure@qriousec·4 Nis

Have Anthropic killed all the Firefish? 0c10b84aa1e72c46319c9a6b4dff5801 : exploit_browser.html just in case patched before p2o 😂

English

193

32.4K

Lan Vu 🇻🇳@lanleft_·28 Mar

Check out my latest blog post. I hope you all enjoy it 👉👈 qriousec.github.io/post/cve-2025-…

English

249

15.9K

Lan Vu 🇻🇳 retweetledi

Qrious Secure@qriousec·28 Mar

Technical details on exploiting Firefox 0day we found last year by AI-assisted fuzzing. by @lanleft_ qriousec.github.io/post/cve-2025-…

Qrious Secure@qriousec

Double Kill 🤪 Mozilla team working on the patch, we developing the exploit, no drama needed 😎

English

151

19.8K

Lan Vu 🇻🇳 retweetledi

Qrious Secure@qriousec·17 Mar

One Repo x Codex/Claude Code/Cursor! by @trichimtrich

Português

10.8K

Lan Vu 🇻🇳@lanleft_·16 Ara

Ye, I just turned a new age 😊

English

Lan Vu 🇻🇳 retweetledi

Toan Pham@__suto·10 Ara

Not a single LLM can correctly explain the root cause even given the crash poc of this bug, let alone talk about how to write the exploit code. Kudo @lanleft_ for her great works! We may publish writeup when it no longer hot.

Qrious Secure@qriousec

@lanleft_ has convinced firefox GC to give her a shell 🤪

English

9.8K

Lan Vu 🇻🇳@lanleft_·10 Ara

ah ha, I made it ☺️

Qrious Secure@qriousec

@lanleft_ has convinced firefox GC to give her a shell 🤪

English

3.1K

Lan Vu 🇻🇳 retweetledi

pr0cf5@pr0cf51·5 Ara

Last month, I gave a talk at @POC_Crew about ATLANTIS and the tech behind our #AIxCC win. We dove into competition details, using LLMs for deep bug discovery, and what's next for AI in security. github.com/pr0cf5/talks/b…

English

6.7K

Lan Vu 🇻🇳 retweetledi

cts🌸@gf_256·1 Ara

crazy find at the huawei store

English

133

387

555.1K

Lan Vu 🇻🇳 retweetledi

Years Progress@YearsProgress·28 Kas

2025 is 91% complete.

English

732

3.7K

108.4K

Lan Vu 🇻🇳 retweetledi

Toan Pham@__suto·24 Kas

A quick review theses Chrome libAngle issues found by Big Sleep likely from fuzzer output more than AI reasoning, 1 or 2 issues even not exploitable because of libc++ mitigation enabled by default in Chrome. issuetracker.google.com/issues?q=%20co… The fuzzer still producing many crashes: issues.chromium.org/issues?q=angle…

English

3.9K

Lan Vu 🇻🇳@lanleft_·10 Eyl

Can not get a cve from this vulnerability, it’s quite sad 😞 By the way, I’d like to give a huge thanks to my mentor @__suto 😊

Qrious Secure@qriousec

Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chrome’s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. qriousec.github.io/post/oob-angle/ by @lanleft_ + @__suto

English

5.7K

Lan Vu 🇻🇳 retweetledi

stephen@_tsuro·10 Ağu

If you like Chrome IPC shenanigans like this, you might also enjoy my talk from black hat 25: youtu.be/qhhJCLy0YBA?si…

YouTube

xvonfers@xvonfers

Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4125787… #comment11" target="_blank" rel="nofollow noopener">issues.chromium.org/issues/4125787…

English

227

37.6K

Lan Vu 🇻🇳 retweetledi

Samuel Groß@5aelo·1 Ağu

We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectz… It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!

English

293

24.6K

Lan Vu 🇻🇳 retweetledi

Off-By-One Conference@offbyoneconf·8 May

Singapore - shout it out for Yuki Chen 🤩 !!! Bringing Day 1 of @offbyoneconf 2025 to a explosive end with 𝐀 𝐉𝐨𝐮𝐫𝐧𝐞𝐲 𝐢𝐧𝐭𝐨 𝐖𝐢𝐧𝐝𝐨𝐰𝐬 𝐒𝐞𝐜𝐮𝐫𝐢𝐭𝐲 𝐒𝐮𝐩𝐩𝐨𝐫𝐭 𝐏𝐫𝐨𝐯𝐢𝐝𝐞𝐫 𝐈𝐧𝐭𝐞𝐫𝐟𝐚𝐜𝐞. 🙇🙇🙇

English

12.1K

Lan Vu 🇻🇳 retweetledi

Qrious Secure@qriousec·9 Oca

A brief JavascriptCore RCE story by @lanleft_ and An Nguyễn qriousec.github.io/post/jsc-unini…

226

20.4K

Keşfet

@YouTube @trichimtrich @POC_Crew @__suto @offbyoneconf @elonmusk @BarackObama @taylorswift13