Super Hat Trick: Exploit Chrome and Firefox Four Times

Black Hat USA 2024 · Day 1 · Briefing

This talk, "Super Hat Trick: Exploit Chrome and Firefox Four Times," presented at Black Hat USA, covers browser vulnerability research and exploitation. The speakers, a researcher known by the nickname Sakura and their partner, both accomplished security researchers, present four critical vulnerabilities that could lead to remote code execution (RCE): two affecting Google Chrome's V8 JavaScript engine and two affecting Mozilla Firefox. The presentation highlights how subtle implementation flaws in new JavaScript language features, specifically the **TC39 Set methods proposal**, can introduce severe security risks in highly optimized browser engines.