Explore a 31-minute Black Hat conference talk that delves into attacking Chrome WebSQL, revealing how SQLite can be directly accessed by remote attackers through the Chrome WebSQL API. Learn about a mutation-based Fuzzer developed for WebSQL, and discover new attack surfaces in Google Chrome beyond traditional RCE vulnerabilities. Gain insights from security researchers Ziling Chen, Hongli Han, and Nan Wang as they present their findings on exploiting this often-overlooked attack vector, despite Chrome's enhanced mitigation mechanisms for V8 and Blink.
New Wine in an Old Bottle - Attacking Chrome WebSQL
Overview
Syllabus
New Wine in an Old Bottle: Attacking Chrome WebSQL
Taught by
Black Hat
Related Courses
-
Shield with Hole - New Security Mitigation Helps Us Escape Chrome Sandbox to Exfiltrate User Privacy
-
The Hat Trick - Exploit Chrome Twice from Runtime to JIT
-
Breaking the Chrome Sandbox with Mojo
-
Reviving JIT Vulnerabilities - Unleashing the Power of Maglev Compiler Bugs on Chrome Browser
-
TiYunZong Exploit Chain to Remotely Root Modern Android Devices - Pwn Android Phones from 2015-2020
-
BrokenMesh - New Attack Surfaces of Bluetooth Mesh
