Attacking Browsers via WebGPU

Lukas Bernhard

OffensiveCon 2025 · Day 1 · Main

Lukas Bernhard built a grammar-based fuzzer for WebGPU's shading language (WGSL) and aimed it at the shader compilers lurking inside Chrome's GPU process, components that were never designed to withstand adversarial inputs. The campaign turned up 21 bugs across the Windows DirectX Shader Compiler and Android's Qualcomm Adreno and Arm Mali stacks, most of them use-after-free vulnerabilities rooted in outdated LLVM versions that GPU vendors have never bothered to update.

AI review

Bernhard built a semantics-aware WGSL fuzzer, ran it for 1 million CPU-hours, and found 21 bugs across GPU shader compilers that sit in Chrome's one-click attack surface: compilers built on decade-old LLVM forks that have never been hardened against adversarial inputs. The structural problem he exposes (GPU drivers as unmitigatable browser attack surface) is a genuine systems-level finding, not just a bug count.
