Explore a 31-minute Black Hat conference talk that delves into attacking Chrome WebSQL, revealing how SQLite can be directly accessed by remote attackers through the Chrome WebSQL API. Learn about a mutation-based Fuzzer developed for WebSQL, and discover new attack surfaces in Google Chrome beyond traditional RCE vulnerabilities. Gain insights from security researchers Ziling Chen, Hongli Han, and Nan Wang as they present their findings on exploiting this often-overlooked attack vector, despite Chrome's enhanced mitigation mechanisms for V8 and Blink.
Overview
Syllabus
New Wine in an Old Bottle: Attacking Chrome WebSQL
Taught by
Black Hat