Attacking the WebAssembly Compiler of WebKit

WebAssembly (WASM) is a high-performance compiled language for execution in web browsers that interoperates with JavaScript. In general, the wasm compiler in the browser is integrated into the javascript engine, which has proven to be an important attack surface in browsers over the past years. Protecting the security of the WASM compiler is a matter of security for the browser, and thus for the users. We have seen a remote code execution vulnerability in the wasm compiler previously (pwn2own2021), and it seems that no public research has continued to demonstrate vulnerabilities from this attack surface since then. In fact, over the past year, the number of commits of the Webassembly compiler in Webkit has surpassed that of javascript JIT and introduced some new features based on the wasm 2.0 specification such as Exceptions, Tail Call, SIMD, etc. In this case, the security of the wasm compiler should be re-emphasized...... By: Zong Cao (P1umer) , Yeqi Fu (Q1IQ) , Fangming Gu (afang5472) , Bohan Liu , Zheng Wang (xmzyshypnc) Full Abstract and Presentation Materials: #attacking-the-webassembly-compiler-of-webkit-30926