Google, IBM & Meta Certificates — All 10,000+ Courses at 40% Off
One annual plan covers every course and certificate on Coursera. 40% off for a limited time.
Get Full Access
Explore critical security vulnerabilities emerging from the interaction between WebAssembly and JavaScript in this 41-minute Black Hat conference presentation. Dive deep into type confusion issues and boundary vulnerabilities within the V8 engine, examining how the integration of WebAssembly with JavaScript creates new attack vectors despite performance benefits. Learn about multiple discovered vulnerabilities including type confusion between WasmObject and JSObject, and issues with WebAssembly Garbage Collection (WasmGC) and JavaScript Promise Integration (JSPI) API. Analyze specific CVEs including CVE-2024-5158, CVE-2024-7550, CVE-2024-3156, CVE-2024-8638, and CVE-2024-5838, understanding their technical details, identification methods, and remediation approaches. Discover how these vulnerabilities can lead to crashes, out-of-bounds memory access, and potential remote code execution. Gain insights into the importance of comprehensive security reviews and the need for enhanced safety mechanisms at the WebAssembly-JavaScript interface to protect modern web browsers from emerging threats.
