Bridging the Gap: Type Confusion and Boundary Vulnerabilities Between WebAssembly and JavaScript

Black Hat Asia 2025 · Day 2 · Briefings

This talk, presented by Nang (Sakura) and Jan Hansa, delves into a critical and evolving area of browser security: vulnerabilities arising from the interaction boundary between **WebAssembly (Wasm)** and **JavaScript (JS)** within the **V8** engine. The speakers, both seasoned Chrome vulnerability researchers, highlight how the rapid development and introduction of new Wasm features, such as Garbage Collection (GC) and JavaScript Promise Integration (JSPI), are creating increasingly complex interaction layers—referred to as "wrappers"—that are ripe for exploitation.

AI review

This talk is a critical deep dive into the most dangerous new attack surface in modern browsers: the WebAssembly-JavaScript boundary. Nang and Hansa don't just point out problems; they dissect six high-impact vulnerabilities, detailing the V8 internals, the type confusion, and the memory corruption that leads to potent RCE primitives. Their grammar-based fuzzer, tailored for cross-language interaction, is a testament to real research. This isn't just a collection of bugs; it's a foundational understanding of where browser security is headed, and how attackers are already exploiting it.
