JS引擎的阿喀琉斯之踵:在WASM执行期间利用现代浏览器漏洞.pdf

编号:981592 PDF 106页 5.65MB 下载积分:VIP专享
下载报告请您先登录!

1、#BHUSA BlackHatEventsAchilles Heel of JS Engines:Achilles Heel of JS Engines:Exploiting Modern Browsers During Exploiting Modern Browsers During WASM ExecutionWASM ExecutionBohan Liu(P4nda20371774)Zong Cao(p1umer)Zheng Wang(xmzyshypnc1)Yeqi Fu(q1iq)Cen Zhang(zhclhy)#BHUSA BlackHatEventsAbout usP4nda

2、20371774Security Researcher at Tencent Security Xuanwu LabMainly Engaged in Browser SecurityGoogle Chrome Bug HunterBohan Liuxmzyshypnc1Security Researcher at Tencent Security Xuanwu LabMainly Engaged in Browser Security and Kernel SecurityFound Several security bugs in Apple Safari,Linux kernel and

3、 VirtualBoxZheng Wangp1umerGraduate Master at University Chinese Academy of SciencesAI+Bug HuntingBlack Hat Asia/USA SpeakerZong Caoq1iqPhd student of National university of singapore.Fuzzing and Static AnalysisMenmber of CURIOSITY,supervised by zhenkai liangYeqi Fu#BHUSA BlackHatEventsBackground#BH

4、USA BlackHatEventsIntroduction More WASM exploitable bugs Introduced in the past two years Some bug neednt bypass V8 SandboxByteCode ExecutionRuntime BuildExternal InteractionRuntime BuildExploited V8 Bugs in 2024#BHUSA BlackHatEventsBug History Recap Compilation Issues1.Edge Cases Oversights2.Binar

5、y Parsing Memory Management Issues1.Side Effect in expanding2.Integer OverflowByteCode ExecutionRuntime BuildExternal InteractionRuntime Build#BHUSA BlackHatEventsWASM Development Status New proposals More optimization More interaction between WASM and JSByteCode ExecutionRuntime BuildExternal Inter

6、actionRuntime Build#BHUSA BlackHatEventsExploitation difficulty More Check/Dcheckin Javascript More harden patch for exploitation techniquesByteCode ExecutionRuntime BuildExternal InteractionRuntime BuildJS vs Wasm#BHUSA BlackHatEventsExploitation difficulty More Check/Dcheckin Javascript More harde

友情提示

1、下载报告失败解决办法
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站报告下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。

本文(JS引擎的阿喀琉斯之踵:在WASM执行期间利用现代浏览器漏洞.pdf)为本站 (竿头日上) 主动上传,三个皮匠报告文库仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对上载内容本身不做任何修改或编辑。 若此文所含内容侵犯了您的版权或隐私,请立即通知三个皮匠报告文库(点击联系客服),我们立即给予删除!

温馨提示:如果因为网速或其他原因下载失败请重新下载,重复下载不扣分。
客服
商务合作
小程序
服务号
折叠