Achilles' Heel of JS Engines: Exploiting Modern Browsers During WASM Execution
Unknown
Black Hat USA 2024 · Day 1 · Briefing
This talk, "Achilles' Heel of JS Engines: Exploiting Modern Browsers During WASM Execution," delves into the evolving landscape of browser security, with a particular focus on vulnerabilities within **WebAssembly (Wasm)** execution. Presented by a group of researchers with a track record of discovering and exploiting bugs in major browsers like Chrome, Firefox, and Safari, the talk highlights a critical shift in the Wasm attack surface. While previous research often concentrated on compilation-related issues, the speakers argue that the Wasm execution phase, especially with the introduction of new proposals such as **Wasm garbage collection (GC)**, now presents a fertile ground for highly exploitable vulnerabilities.