Lukas Bernhard

Attacking Browsers via WebGPU

Abstract

WebGPU is a new browser standard that allows us to access the capabilities of GPUs from the web, benefiting complex computations such as those required by game engines and local LLMs. But the complex machinery needed to convert a shader program into native GPU machine code means a huge attack surface is now reachable from the web. Even worse, this shader compilation pipeline is only weakly sandboxed, if at all (depending on the platform). In our talk, we take a deep dive into the shader compilation pipeline, exploring how shaders embedded in websites are processed until they end up on the GPU. We present how we wrote a domain-specific fuzzer to uncover memory corruption vulnerabilities in the respective shader compilers of Mali, DirectX, and Mesa. As a result of our research, we demonstrate numerous vulnerabilities reachable from Chrome.

BIO

Lukas Bernhard is a security researcher who recently moved from academia to industry. His past research centers on browser fuzzing and memory safety mitigations. Notable work includes differential testing of JavaScript engines and fuzzing of WebGPU.