Explore the security implications of WebAssembly (WASM) compilers in web browsers through this 27-minute Black Hat conference talk. Dive into the integration of WASM compilers with JavaScript engines and their significance as a potential attack surface. Examine past vulnerabilities, including a remote code execution flaw discovered in pwn2own2021. Learn about recent developments in WebKit's WASM compiler, including new features based on the WASM 2.0 specification such as Exceptions, Tail Call, and SIMD. Gain insights into the importance of re-emphasizing WASM compiler security and understand the potential risks to browser and user safety. Presented by security researchers Zong Cao, Yeqi Fu, Fangming Gu, Bohan Liu, and Zheng Wang, this talk offers valuable knowledge for those interested in web security and browser vulnerabilities.
Overview
Syllabus
Attacking the WebAssembly Compiler of WebKit
Taught by
Black Hat
Related Courses
-
Is WebAssembly Really Safe? - Wasm VM Escape and RCE Vulnerabilities Have Been Found in New Way
-
Reviving JIT Vulnerabilities - Unleashing the Power of Maglev Compiler Bugs on Chrome Browser
-
WebAssembly - A New World of Native Exploits on the Browser
-
WebAssembly in Production: Building a Compiler in a Web Page
-
Attacking Client-Side JIT Compilers
-
Exploiting CSP in WebKit to Break Authentication and Authorization
