Let the Cache Cache and Let the WebAssembly Assemble: Knockin' on Chrome's Shell


Black Hat USA 2024 · Day 1 · Briefing

This talk, presented at Black Hat USA, details a sophisticated exploit chain that successfully compromised Google Chrome and Microsoft Edge during the Pwn2Own Vancouver 2024 competition. Delivered by two security researchers from Palo Alto Networks, the presentation delves into a critical **V8 vulnerability** leading to an arbitrary read/write primitive, followed by an innovative **V8 sandbox escape** technique. The significance of this research lies in its demonstration of a novel approach to bypass the V8 sandbox, especially in light of recent architectural changes that removed raw pointers, a common target for previous exploits.
