Attacking the WebAssembly Compiler of WebKit

WebAssembly (WASM) is a high-performance compiled language for execution in web browsers that interoperates with JavaScript. In general, the wasm compiler in the browser is integrated into the javascript engine, which has proven to be an important attack surface in browsers over the past years. Protecting the security of the WASM compiler is a matter of security for the browser, and thus for the users. We have seen a remote code execution vulnerability in the wasm compiler previously (pwn2own2021), and …

attack attack surface browser browsers compiler engine general high important javascript language performance protecting security wasm web webassembly web browsers webkit