The Most Secure Browser? Pwning Chrome from 2016 to 2019

Black Hat USA 2019

Presented by: Zhen Feng, Gengming Liu
Date: Wednesday August 07, 2019
Time: 11:15 - 12:05
Location: Islander EI

Browser security has long been a prominent topic in security research. Thanks to careful design and sustained engineering effort, browsers have become steadily more secure. The last time Chrome was pwned at Pwn2Own dates back to Mobile Pwn2Own 2016. In that contest, we, Keen Security Lab of Tencent, pwned the Nexus 6P via the Chrome browser. This year we will share the full, in-depth details of our research on Chrome security.

JavaScript engines are an attractive target for browser attackers. Security researchers have published impressive methods, such as CodeAlchemist and Fuzzilli. We developed a methodology, Semantic Equivalent Transform (SET), and it is distinct because

Finally, we will share our recent research on sandbox bypass. We have pwned Chrome three times since 2016. We will share the details of our IPC bugs and present a demo of our March 2019 Chrome pwn.

To the best of our knowledge, this presentation will be the first to publicly present a complete methodology for pwning Chrome: finding and exploiting bugs in both V8 and the sandbox.

Zhen Feng

Zhen Feng is a senior security researcher at KeenLab. He has a great deal of experience in browser security. He took part in four Pwn2Own contests in 2016 and 2017 with the team and found most of the vulnerabilities used against browser targets. He now focuses on compiler security.

Gengming Liu

Gengming Liu is a security researcher at KeenLab of Tencent. He has been participating in Pwn2Own since 2016. He is the vice-captain of the eee CTF team and the former captain of the AAA CTF team. He also plays CTFs as a member of b1o0p and A*0*E, which won second place in DEFCON CTF 2016 and third place in DEFCON CTF 2017.
