Overview
Explore critical security vulnerabilities emerging from the interaction between WebAssembly and JavaScript in this 41-minute Black Hat conference presentation. Dive deep into type confusion issues and boundary vulnerabilities within the V8 engine, examining how the integration of WebAssembly with JavaScript creates new attack vectors despite performance benefits. Learn about multiple discovered vulnerabilities including type confusion between WasmObject and JSObject, and issues with WebAssembly Garbage Collection (WasmGC) and JavaScript Promise Integration (JSPI) API. Analyze specific CVEs including CVE-2024-5158, CVE-2024-7550, CVE-2024-3156, CVE-2024-8638, and CVE-2024-5838, understanding their technical details, identification methods, and remediation approaches. Discover how these vulnerabilities can lead to crashes, out-of-bounds memory access, and potential remote code execution. Gain insights into the importance of comprehensive security reviews and the need for enhanced safety mechanisms at the WebAssembly-JavaScript interface to protect modern web browsers from emerging threats.
Syllabus
Bridging the Gap: Type Confusion and Boundary Vulnerabilities Between WebAssembly and JavaScript
Taught by
Black Hat