Browser security is always a prevalent topic in security research. Thanks to careful design and long-term effort, browsers have become more and more secure. The last time Chrome was pwned at Pwn2Own dates back to Mobile Pwn2Own 2016. In that contest, we, Keen Security Lab of Tencent, pwned a Nexus 6P via the Chrome browser. This year, we would like to share the full, in-depth details of our research on Chrome security.
JavaScript engines are an attractive target for browser attackers. Security researchers have published amazing methods, such as CodeAlchemist and Fuzzilli. We developed a methodology called Semantic Equivalent Transform (SET), and it is distinct because
Finally, we'll share our recent research on sandbox bypass. We have pwned Chrome three times since 2016. We will share the details of our IPC bugs and bring a demo of how we pwned Chrome in March 2019.
To the best of our knowledge, this presentation will be the first to publicly present a complete methodology for pwning Chrome (finding and exploiting bugs in both V8 and the sandbox).