Heap Buffer Overflow in Skia in Google Chrome

This repository is a proof-of-concept (PoC) exploit for a vulnerability in the GPU process of Chromium/Chrome browsers prior to version 128. The exploit consists of four files: - README.txt: Provides step-by-step instructions to reproduce the issue, including applying a patch, generating a payload, and triggering the bug. - chromium.diff: A patch to Chromium's raster_implementation.cc, which adds code to load a crafted Skia picture and send it to the GPU process in a specific way, potentially triggering a vulnerability. - genskpic.py: A Python script that generates a malicious Skia picture file (pic.skp) and a corresponding C++ header (drawable_picture.skp.hh) containing the payload as a byte array. - index.html: A minimal HTML/JavaScript file that, when loaded in the patched browser, triggers the vulnerable code path by drawing many rectangles on a canvas. The exploit demonstrates a GPU process crash (denial of service) by abusing the way Skia picture data is handled in the browser's GPU rasterization code. The exploit is not weaponized for code execution but serves as a PoC for the underlying vulnerability. No network endpoints or external services are involved; the attack vector is via local browser rendering. The exploit targets Google Chrome and Chromium browsers prior to version 128, as the issue is noted as fixed in M128.