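"The Achilles' Heel of JS Engines: Exploiting Modern Browser Vulnerabilities During WASM Execution.pdf" was shared by a member and can be read online. To find more related material, search for "The Achilles' Heel of JS Engines: Exploiting Modern Browser Vulnerabilities During WASM Execution.pdf (106 pages, collector's edition)" on 三个皮匠报告.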
#BHUSA BlackHatEvents

Achilles Heel of JS Engines: Exploiting Modern Browsers During WASM Execution
Bohan Liu (P4nda20371774), Zong Cao (p1umer), Zheng Wang (xmzyshypnc1), Yeqi Fu (q1iq), Cen Zhang (zhclhy)

About us

Bohan Liu (P4nda20371774)
- Security Researcher at Tencent Security Xuanwu Lab
- Mainly Engaged in Browser Security
- Google Chrome Bug Hunter

Zheng Wang (xmzyshypnc1)
- Security Researcher at Tencent Security Xuanwu Lab
- Mainly Engaged in Browser Security and Kernel Security
- Found Several security bugs in Apple Safari, Linux kernel and VirtualBox

Zong Cao (p1umer)
- Master's graduate at University of Chinese Academy of Sciences
- AI + Bug Hunting
- Black Hat Asia/USA Speaker

Yeqi Fu (q1iq)
- PhD student at National University of Singapore
- Fuzzing and Static Analysis
- Member of CURIOSITY, supervised by Zhenkai Liang

Background

Introduction
- More WASM exploitable bugs introduced in the past two years
- Some bugs needn't bypass the V8 Sandbox
[Diagram labels: ByteCode Execution, Runtime Build, External Interaction, Runtime Build. Chart title: Exploited V8 Bugs in 2024]

Bug History Recap
- Compilation Issues
  1. Edge Cases Oversights
  2. Binary Parsing
- Memory Management Issues
  1. Side Effect in expanding
  2. Integer Overflow
[Diagram labels: ByteCode Execution, Runtime Build, External Interaction, Runtime Build]

WASM Development Status
- New proposals
- More optimization
- More interaction between WASM and JS
[Diagram labels: ByteCode Execution, Runtime Build, External Interaction, Runtime Build]

Exploitation difficulty
- More Check/Dcheck in JavaScript
- More hardening patches for exploitation techniques
[Diagram labels: ByteCode Execution, Runtime Build, External Interaction, Runtime Build. Panel title: JS vs Wasm]

Exploitation difficulty
- More Check/Dcheck in JavaScript
- More harde