
Achilles Heel of JS Engines: Exploiting Modern Browsers During WASM Execution.pdf

Uploaded by: 竿***  ID: 981592  2025-11-29  106 pages  5.65MB

#BHUSA BlackHatEvents

Achilles Heel of JS Engines: Exploiting Modern Browsers During WASM Execution

Bohan Liu (P4nda20371774), Zong Cao (p1umer), Zheng Wang (xmzyshypnc1), Yeqi Fu (q1iq), Cen Zhang (zhclhy)

About us

Bohan Liu (P4nda20371774): Security Researcher at Tencent Security Xuanwu Lab. Mainly engaged in browser security. Google Chrome bug hunter.

Zheng Wang (xmzyshypnc1): Security Researcher at Tencent Security Xuanwu Lab. Mainly engaged in browser security and kernel security. Found several security bugs in Apple Safari, the Linux kernel and VirtualBox.

Zong Cao (p1umer): Master's student at the University of Chinese Academy of Sciences. AI + bug hunting. Black Hat Asia/USA speaker.

Yeqi Fu (q1iq): PhD student at the National University of Singapore. Fuzzing and static analysis. Member of CURIOSITY, supervised by Zhenkai Liang.

Background

Introduction
- More exploitable WASM bugs were introduced in the past two years
- Some of these bugs need not bypass the V8 Sandbox
[Figure: exploited V8 bugs in 2024, placed on the pipeline stages Runtime Build, ByteCode Execution and External Interaction]

Bug History Recap
Compilation issues:
1. Edge case oversights
2. Binary parsing
Memory management issues:
1. Side effect in expanding
2. Integer overflow

WASM Development Status
- New proposals
- More optimization
- More interaction between WASM and JS

Exploitation Difficulty
- More CHECK/DCHECK in JavaScript
- More hardening patches against exploitation techniques
- JS vs Wasm
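The "side effect in expanding" bug class and the growing WASM/JS interaction named in the slides both come down to one fact about the boundary: growing a WebAssembly.Memory invalidates whatever previously pointed into it. The following is an added example written for this page, not code from the talk or from V8. It uses only the standard WebAssembly.Memory API (no module is instantiated) and runs in Node.js. A cached Uint8Array view stands in for the native pattern that causes engine bugs, a raw base pointer held across a grow; the correct pattern is to re-read memory.buffer after every grow.

```javascript
// Added example (not from the slides): the "side effect in expanding" hazard
// at the JS/WASM boundary. memory.grow() detaches the ArrayBuffer previously
// returned by memory.buffer, so any cached view of it becomes a zero-length
// view. Engine-side bugs of this class arise when native code keeps a raw base
// pointer across a grow the same way this cached view does.
function growSideEffectDemo() {
  const PAGE = 65536; // WASM page size in bytes
  const memory = new WebAssembly.Memory({ initial: 1, maximum: 2 });

  // "Cached" view: the JS analogue of native code caching the memory base.
  const staleView = new Uint8Array(memory.buffer);
  staleView[0] = 0x41;

  const oldBuffer = memory.buffer;
  // grow() returns the previous size in pages and detaches oldBuffer.
  const pagesBefore = memory.grow(1);

  // Correct pattern: always re-read memory.buffer after any grow.
  const freshView = new Uint8Array(memory.buffer);

  // Constructing a view over the detached buffer is rejected by the engine.
  let constructOnDetachedThrows = false;
  try {
    new Uint8Array(oldBuffer);
  } catch (e) {
    constructOnDetachedThrows = e instanceof TypeError;
  }

  return {
    pagesBefore,                                   // 1
    oldLengthAfterGrow: staleView.length,          // 0: cached view silently went empty
    oldBufferDetached: oldBuffer.byteLength === 0, // true
    buffersIdentical: oldBuffer === memory.buffer, // false: a new ArrayBuffer is handed out
    newLength: freshView.length,                   // 2 * PAGE
    dataPreserved: freshView[0] === 0x41,          // true: contents carried over
    constructOnDetachedThrows,                     // true
  };
}

console.log(growSideEffectDemo());
```

When auditing or fuzzing a grow path, the checks worth making are exactly these fields: the old buffer must be detached, the new one must be a distinct object of the new length, and no code path may keep using a pointer or view derived before the grow. Shared memories (`shared: true`) behave differently, since a SharedArrayBuffer is never detached, and are not covered by this example.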

Based on the report, this document mainly discusses WASM (WebAssembly) execution vulnerabilities in browsers. Key points:
1. WASM vulnerability trend: more exploitable WASM bugs appeared in the past two years, some of which do not require bypassing the V8 Sandbox.
2. Bug types: compilation issues, memory management issues and external interaction issues.
3. WASM development status: new proposals, more optimization, and more interaction between WASM and JS.
4. Exploitation difficulty: more checks/assertions in JavaScript and more hardening patches against exploitation techniques.
5. Attack surface: the attack surface across the compilation and execution pipeline, such as WASM engine initialization, runtime build, bytecode execution and external interaction.
6. Case studies: analysis of bugs such as CVE-2024-1939, showing how they are exploited.
7. Methods: a WASM generator, random shared-object lists, fuzzing and code-coverage analysis.