Reposted by Carl Smith
Congratulations to Carl Smith from v8 Security team and join Blackhat USA review board as guest reviewer. He is willing to share, open-minded, and a hardcore researcher and developer.
@rwx.page
@rwx.page
February 20, 2025 at 2:12 PM
Congratulations to Carl Smith from v8 Security team and join Blackhat USA review board as guest reviewer. He is willing to share, open-minded, and a hardcore researcher and developer.
@rwx.page
@rwx.page
Unfortunately not, we are planning on sharing more details in form of talks in the future though.
February 5, 2025 at 3:53 PM
Unfortunately not, we are planning on sharing more details in form of talks in the future though.
And make sure to update to the latest swift version too!
February 4, 2025 at 7:35 PM
And make sure to update to the latest swift version too!
Some slides discussing some of this work can be found here:
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf
February 4, 2025 at 7:35 PM
Some slides discussing some of this work can be found here:
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf
I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
February 4, 2025 at 7:34 PM
I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!
Reposted by Carl Smith
Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox is now in scope
bughunters.google.com/about/rules/...
Happy hacking!
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox is now in scope
bughunters.google.com/about/rules/...
Happy hacking!
Chrome Vulnerability Reward Program Rules | Google Bug Hunters
ATTENTION As of 4 February 2024, Chromium has migrated to a new issue tracker, please report security bugs to the new issue tracker using this form . Please see the Chrome VRP News and FAQ page for mo...
bughunters.google.com
November 13, 2024 at 6:05 PM
Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox is now in scope
bughunters.google.com/about/rules/...
Happy hacking!
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox is now in scope
bughunters.google.com/about/rules/...
Happy hacking!
Reposted by Carl Smith
Finally got around to publishing the slides of my talk @offensivecon.bsky.social from ~two weeks ago. Sorry for the delay!
The V8 Heap Sandbox: saelo.github.io/presentation...
Fantastic conference, as usual! :)
The V8 Heap Sandbox: saelo.github.io/presentation...
Fantastic conference, as usual! :)
May 22, 2024 at 7:01 PM
Finally got around to publishing the slides of my talk @offensivecon.bsky.social from ~two weeks ago. Sorry for the delay!
The V8 Heap Sandbox: saelo.github.io/presentation...
Fantastic conference, as usual! :)
The V8 Heap Sandbox: saelo.github.io/presentation...
Fantastic conference, as usual! :)
Reposted by Carl Smith
Here's another V8 sandbox design document, this time discussing how sensitive ("trusted") V8-internal objects (such as BytecodeArrays) can be protected: docs.google.com/document/d/1...
This should be one of the last pieces of infrastructure required for the sandbox.
This should be one of the last pieces of infrastructure required for the sandbox.
V8 Sandbox - Trusted Space
V8 Sandbox - Trusted Space Author: saelo@ First Published: October 2023 Last Updated: October 2023 Status: Living Doc Visibility: PUBLIC This document is part of the V8 Sandbox Project and discusses...
docs.google.com
October 20, 2023 at 1:34 PM
Here's another V8 sandbox design document, this time discussing how sensitive ("trusted") V8-internal objects (such as BytecodeArrays) can be protected: docs.google.com/document/d/1...
This should be one of the last pieces of infrastructure required for the sandbox.
This should be one of the last pieces of infrastructure required for the sandbox.
Reposted by Carl Smith
One day, @rwx.page and me got bored and built a tiny command line game with 0 deps in 🦀.
`cargo install quarto`
It's not much but it's honest work :)
https://github.com/domenukk/quarto_rs
`cargo install quarto`
It's not much but it's honest work :)
https://github.com/domenukk/quarto_rs
August 12, 2023 at 12:34 AM
One day, @rwx.page and me got bored and built a tiny command line game with 0 deps in 🦀.
`cargo install quarto`
It's not much but it's honest work :)
https://github.com/domenukk/quarto_rs
`cargo install quarto`
It's not much but it's honest work :)
https://github.com/domenukk/quarto_rs