Although designed to coexist with the JS engine, the WASM engine operates in its own dedicated “portable and sandboxed” virtual machine inside the browser. In this presentation, we will first show how this VM works by looking at the specification, the binary encoding, and the memory layout. We will then explore to what extent WASM affects the traditional attack surface of web browsers by analyzing how it is implemented in some major web browsers. In particular, we will cover some weak spots that past vulnerabilities have leveraged to achieve code execution. Finally, we will cover the future of WebAssembly as it aims to evolve as a W3C standardized specification and see how upcoming features may make room for more security vulnerabilities.
Christophe Alladoum is a security researcher and part of the Offensive Security team at Sophos Labs in Vancouver, Canada. Chris has almost a decade of experience in offensive security, including penetration testing and vulnerability research and exploitation. He is passionate about understanding low-level technologies, how they are vulnerable, and how they might be exploited. As an active CTF player, he also spends his spare time exploring the landscape of software security along with developing and contributing to open-source projects.