The Brave New World of JavaScript Engine Vulnerabilities

Simon Zuckerbraun

JavaScript is everywhere and the providers of JavaScript engines are locked in a tight race to deliver high performance and low resource consumption. In this environment, the major JavaScript engines have evolved into machines of monstrous complexity, employing risky performance hacks and sporting interpreted execution modes together with multiple tiers of Just-In-Time (JIT) compilation. This complexity has become fertile ground for a new wave of vulnerabilities.

The vulnerabilities found in JavaScript engines tend to be subtle in their mechanism and difficult to grasp. They also tend to be devastating in their effect, often leading directly to arbitrary read/write primitives that can be easily leveraged for remote code execution.

This talk will provide an overview of weak points in JavaScript engines and a breakdown of the main categories of JavaScript engine vulnerabilities. Examples will be discussed from among recent vulnerabilities found in Chakra, JavaScriptCore and V8.