@lanleft_ profile picture
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ @lanleft_

she/her | coffee delivery at Qrious Secure @qriousec |

Joined September 2019
  • Tweets 107
  • Following 494
  • Followers 1,593
4 Photos and videos
Cแปฉ khรณc ฤ‘i khรณc ฤ‘i, ฤ‘แปซng ngแบกi ngรนng ๐Ÿคง
Qrious Secure
@qriousec
May 12
The released firefox 150.0.3 today has killed our renderer exploit component, since only 1 day left we have no choice but withdrawal our entry.Kudos to our teammate @trichimtrich , @lanleft_ and @wiz1340 for their hard works that created 2 fullchains work flawlessly from firefox 147-150.0.2 ( 4m alive) but was being killed one week and 1 day before the event Good luck for the rest of participants! And thanks everyone for wishing us luck ๐Ÿ™ Like usual, we will share writeup in future when the affected version is irrelevant, Cheers!
4
2
69
6,860
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Qrious Secure
@qriousec
May 11
Weโ€™ve been through all kinds of situations: exploits failing, vendors turning off services during demos, patches being released the night before a demo, and more but we happily accepted and continue to play. And if you donโ€™t participate in the game, who cares about your opinion?
5
35
4,232
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Qrious Secure
@qriousec
May 8
Firefox x Mythos fixed 423 bugs in April. They released stable 150.0.2! youtu.be/exkq427zKRU?si=VN6Hโ€ฆ via @YouTube

Attack on Titan | Beast Titan Throw Rocks On Survey Corps | 1080p60

Enjoy the videos and music you love, upload original content, and share it all with friends, family, and the world on YouTube.

youtube.com
3
24
15,990
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Qrious Secure
@qriousec
Apr 22
Despite 271 bugs massacred by Anthropic, our renderer rce and sbx escape alive and well ready unless there is sudden patch before p2o ( mean we dont have enough time for prepare new one ) - wish us luck! blog.mozilla.org/en/privacy-โ€ฆ
15
50
372
76,993
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Qrious Secure
@qriousec
Apr 4
Have Anthropic killed all the Firefish? 0c10b84aa1e72c46319c9a6b4dff5801 : exploit_browser.html just in case patched before p2o ๐Ÿ˜‚
13
193
33,010
Check out my latest blog post. I hope you all enjoy it ๐Ÿ‘‰๐Ÿ‘ˆ qriousec.github.io/post/cve-โ€ฆ

CVE-2025-14325: SpiderMonkey Type Confusion in Baseline JIT Inline Cache

This image was created by Suto that captures the challenge of finding the right path. It is a process of constant testing, failing, and learning until we eventually find the way out Last year, we...

qriousec.github.io
5
47
248
15,979
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Qrious Secure
@qriousec
Mar 28
Technical details on exploiting Firefox 0day we found last year by AI-assisted fuzzing. by @lanleft_ qriousec.github.io/post/cve-โ€ฆ

CVE-2025-14325: SpiderMonkey Type Confusion in Baseline JIT Inline Cache

This image was created by Suto that captures the challenge of finding the right path. It is a process of constant testing, failing, and learning until we eventually find the way out Last year, we...

qriousec.github.io
Qrious Secure
@qriousec
4 Nov 2025
Double Kill ๐Ÿคช Mozilla team working on the patch, we developing the exploit, no drama needed ๐Ÿ˜Ž
33
151
20,006
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Qrious Secure
@qriousec
Mar 17
One Repo x Codex/Claude Code/Cursor! by @trichimtrich
1:05
4
42
11,058
Ye, I just turned a new age ๐Ÿ˜Š
32
2,053
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Toan Pham
@__suto
10 Dec 2025
Not a single LLM can correctly explain the root cause even given the crash poc of this bug, let alone talk about how to write the exploit code. Kudo @lanleft_ for her great works! We may publish writeup when it no longer hot.
Qrious Secure
@qriousec
10 Dec 2025
Replying to @lanleft_
@lanleft_ has convinced firefox GC to give her a shell ๐Ÿคช
3
2
94
9,801
ah ha, I made it โ˜บ๏ธ
Qrious Secure
@qriousec
10 Dec 2025
Replying to @lanleft_
@lanleft_ has convinced firefox GC to give her a shell ๐Ÿคช
1
50
3,100
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
pr0cf5
@pr0cf51
5 Dec 2025
Last month, I gave a talk at @POC_Crew about ATLANTIS and the tech behind our #AIxCC win. We dove into competition details, using LLMs for deep bug discovery, and what's next for AI in security. github.com/pr0cf5/talks/blobโ€ฆ

talks/poc-2025.pdf at main ยท pr0cf5/talks

Contribute to pr0cf5/talks development by creating an account on GitHub.

github.com
19
87
6,740
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
cts๐ŸŒธ
@gf_256
1 Dec 2025
crazy find at the huawei store
1:01
133
363
8,895
555,340
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Years Progress
@YearsProgress
28 Nov 2025
2025 is 91% complete.
24
726
3,680
108,649
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Toan Pham
@__suto
24 Nov 2025
A quick review theses Chrome libAngle issues found by Big Sleep likely from fuzzer output more than AI reasoning, 1 or 2 issues even not exploitable because of libc mitigation enabled by default in Chrome. issuetracker.google.com/issuโ€ฆ The fuzzer still producing many crashes: issues.chromium.org/issues?qโ€ฆ

2
3
33
3,886
Can not get a cve from this vulnerability, itโ€™s quite sad ๐Ÿ˜ž By the way, Iโ€™d like to give a huge thanks to my mentor @__suto ๐Ÿ˜Š
Qrious Secure
@qriousec
10 Sep 2025
Check out our newest blog about how we took advantage of a WebGPU feature to turn an integer underflow bug into an arbitrary read in Chromeโ€™s WebGPU. This bug was fixed by Google long ago, but our ticket is still restricted. qriousec.github.io/post/oob-โ€ฆ by @lanleft_ @__suto
3
37
5,694
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
stephen@_tsuro
10 Aug 2025
If you like Chrome IPC shenanigans like this, you might also enjoy my talk from black hat 25: youtu.be/qhhJCLy0YBA?si=qLz2โ€ฆ

Breaking the Chrome Sandbox with Mojo

If you manage to exploit a Chrome renderer vulnerability, you find ...

youtube.com
xvonfers@xvonfers
9 Aug 2025
Whoah... $250000 (CVE-2025-4609, similar to CVE-2025-2783/412578726)[412578726][Mojo][IpczDriver]ipcz bug -> renderer duplicate browser process handle -> escape sbx is now open with PoC & exploit(success rate is nearly 70%-80%) issues.chromium.org/issues/4โ€ฆ issues.chromium.org/issues/4โ€ฆ
3
34
227
37,693
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Samuel GroรŸ@5aelo
1 Aug 2025
We released our Fuzzilli-based V8 Sandbox fuzzer: github.com/googleprojectzeroโ€ฆ It explores the heap to find interesting objects and corrupts them in a deterministic way using V8's memory corruption API. Happy fuzzing!

Add V8SandboxFuzzer ยท googleprojectzero/fuzzilli@675eccd

This is a basic fuzzer for the V8 Sandbox. It uses the memory corruption API to implement a random-but-deterministic (given a seed) traversal through the V8 heap object graph and corrupts some obje...

github.com
2
72
293
24,719
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Off-By-One Conference@offbyoneconf
8 May 2025
Singapore - shout it out for Yuki Chen ๐Ÿคฉ !!! Bringing Day 1 of @offbyoneconf 2025 to a explosive end with ๐€ ๐‰๐จ๐ฎ๐ซ๐ง๐ž๐ฒ ๐ข๐ง๐ญ๐จ ๐–๐ข๐ง๐๐จ๐ฐ๐ฌ ๐’๐ž๐œ๐ฎ๐ซ๐ข๐ญ๐ฒ ๐’๐ฎ๐ฉ๐ฉ๐จ๐ซ๐ญ ๐๐ซ๐จ๐ฏ๐ข๐๐ž๐ซ ๐ˆ๐ง๐ญ๐ž๐ซ๐Ÿ๐š๐œ๐ž. ๐Ÿ™‡๐Ÿ™‡๐Ÿ™‡
9
5
37
12,235
Lan Vu ๐Ÿ‡ป๐Ÿ‡ณ retweeted
Qrious Secure
@qriousec
9 Jan 2025
A brief JavascriptCore RCE story by @lanleft_ and An Nguyแป…n qriousec.github.io/post/jsc-โ€ฆ

A Brief JavaScriptCore RCE Story

Introduction The vulnerability introduced in commit 053d9a84 is a trivial uninitialized memory issue, easy to catch by simple unit tests. At the time of discovering the bug, we believed that this...

qriousec.github.io
56
225
20,541
Load more