Symposium sur la sécurité des technologies de l'information et des communications

French-speaking conference on information security.
It took place in Rennes from 5 to 7 June 2019.

A tale of Chakra bugs through the years [Invited talk] Bruno Keith


Date: 07 June 2019 at 11:15 — 45 min.

JavaScript engines have always been one of the main targets in order to compromise browsers. While they are only one of the main attack surfaces reachable remotely, their size (hundreds of thousands of lines of code) makes it so that even inside them, there are multiple areas that have been targeted to find bugs throughout the years. People initially focused on the outermost layers of these engines by trying to find bugs in the interpreters and have gradually moved towards more complex components such as Just-In-Time compilers as other parts became more and more resilient.

After a brief introduction to the world of JavaScript engines, this talk will explore some of the bug patterns that have affected Chakra through the years and walk through several examples of bugs found both by the author and other well-known researchers. This presentation will also try to highlight various techniques to abuse these bugs and turn them into interesting exploit primitives.