Exploiting Modern Browsers During WebAssembly Execution - Security Vulnerabilities in JS Engines

Explore a technical conference talk that delves into the security vulnerabilities discovered in WebAssembly (WASM) execution across major browsers. Learn about three distinct categories of vulnerabilities - Runtime Build Issues, ByteCode Execution Issues, and External Interaction Issues - identified through targeted fuzzing tools. Understand how researchers uncovered over 10 vulnerabilities in Chrome, Firefox, and Safari's JavaScript engines, successfully achieving Remote Code Execution (RCE). Examine the attack surface of WebAssembly execution, focusing on exploitation techniques during the execution phase rather than compilation. Discover why execution phase vulnerabilities present more flexible exploitation opportunities compared to compilation phase issues, particularly due to fewer mitigation measures and the potential for leveraging wrong compilation results. Follow the research team's analysis of these security challenges, building upon their previous findings in Safari's WASM compilation phase, and see demonstrations of real-world exploit scenarios.