Overview
Explore the design principles of Maglev and learn how to conduct vulnerability research and exploitation of the Maglev JIT compiler in this 37-minute Black Hat conference talk. Compare and analyze the design principles of Maglev and Turbofan to identify potential attack surfaces. Discover improved vulnerability exploration methods, including crash-based fuzzing, correctness-oriented fuzzing, and CodeQL, used to find vulnerabilities efficiently. Gain insights into the intriguing attack surface encountered during the research, and witness the exploitation of a high-risk vulnerability that achieves renderer RCE. Presented by Bohan Liu and Zheng Wang (xmzyshypnc), this talk showcases their findings of numerous bugs in Maglev, including 7 reported high-risk vulnerabilities.
Syllabus
Reviving JIT Vulnerabilities: Unleashing the Power of Maglev Compiler Bugs on Chrome Browser
Taught by
Black Hat