Samuel Groß and Amanda Burnett

Attacking JavaScript Engines in 2022

Abstract

This talk aims to summarize the current state of JavaScript engine security and exploitation. It assumes no particular prior knowledge of either.

After a short introduction to the JavaScript language, we will discuss some key components of modern JavaScript engines: the object system, memory management and garbage collection, and optimizing just-in-time (JIT) compilers. Afterwards, typical (and some non-typical!) bugs seen in recent years will be analyzed and common exploitation strategies explained. The talk will conclude with an overview of current and expected future exploit mitigations in V8 and JavaScriptCore and their (somewhat subjective) effectiveness.

Throughout the talk, additional resources that go into more depth will be referenced for the interested listener.

BIO

Samuel currently works at Google Project Zero. Prior to that, he worked as an independent security researcher, during which he participated in Pwn2Own and published two Phrack articles on JavaScript engine exploitation.

Amy is a security researcher and co-founder of RET2 Systems, where she specializes in browser security and mitigation bypass. She has spoken about and previously led trainings on advanced browser exploitation techniques at private events and conferences. She and her team developed and publicly demonstrated a remote code execution exploit against Safari for Pwn2Own 2018, which also leveraged a macOS bug to gain root-level code execution.