Presentation Material
Abstract
ClusterFuzz is Chrome’s open source distributed fuzzer that finds security bugs in real time (all with reproducible test cases!). In this talk, I’ll provide an overview of how ClusterFuzz uses 3000+ cores to fuzz Chrome across various platforms and find exploitable crashes before the black hats do. The talk will provide detailed statistics of the types of bugs found in Chrome and provide an insight into the trials and tribulations of distributed fuzzing, including how you can run your own fuzzers on our infrastructure and earn Chrome bounties for bugs your fuzzer finds! w00t!
AI Generated Summary (may contain errors)
The speaker describes how the team runs Chrome under several memory-debugging tools to find and fix bugs. A build switch records which files a build loads, which makes it easy to archive a build together with its dependencies; the archived builds in turn give better stack traces, so developers can debug crashes more efficiently.
Once a crash is found, the test case is minimized and a fix is shipped to users. Builds made with each of the memory-debugging tools have been archived going back about five years, so the minimized test case can be run against old builds: a simple bisection over the archive yields the regression range (the revisions between the last good and the first bad build) and, once the crash stops reproducing on newer builds, the fixed range, which confirms that the fix actually took.
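The bisection over archived builds described above, as an added example that is not ClusterFuzz’s own code. It assumes a sorted list of archived revision numbers, the revision the fuzzer originally crashed on, and a `crashes(revision)` callback that runs the minimized test case against one archived build and reports whether it crashes; the crash predicate below and its revision numbers are constructed sample data.

```python
"""Regression/fixed-range bisection over archived builds (illustrative, not ClusterFuzz code)."""
from typing import Callable, List, Optional, Tuple

Range = Optional[Tuple[Optional[int], Optional[int]]]


def bisect_transition(revisions: List[int], crashes: Callable[[int], bool],
                      lo: int, hi: int) -> Tuple[int, int]:
    """Return the adjacent revision pair (revisions[i], revisions[i+1]) where
    crash behaviour flips. Requires crashes(revisions[lo]) != crashes(revisions[hi])
    and assumes behaviour is monotonic between them (one flip only)."""
    lo_crashes = crashes(revisions[lo])
    while hi - lo > 1:
        mid = (lo + hi) // 2
        if crashes(revisions[mid]) == lo_crashes:
            lo = mid          # same behaviour as the low end: flip is above mid
        else:
            hi = mid          # behaviour already flipped: flip is at or below mid
    return revisions[lo], revisions[hi]


def find_ranges(revisions: List[int], crash_revision: int,
                crashes: Callable[[int], bool]) -> Tuple[Range, Range]:
    """Return (regression_range, fixed_range).

    regression_range is (last_good, first_bad); last_good is None when the
    crash already reproduces on the oldest archived build (bug predates archive).
    fixed_range is (last_bad, first_good), or None while the newest build still crashes."""
    if not crashes(crash_revision):
        raise ValueError("test case does not reproduce on the crash revision")
    idx = revisions.index(crash_revision)
    last = len(revisions) - 1

    if idx == 0 or crashes(revisions[0]):
        regression: Range = (None, revisions[0])      # predates the archive
    else:
        regression = bisect_transition(revisions, crashes, 0, idx)

    if idx == last or crashes(revisions[last]):
        fixed: Range = None                            # still open on the newest build
    else:
        fixed = bisect_transition(revisions, crashes, idx, last)
    return regression, fixed


def sample_crash_predicate(bad_from: int, fixed_from: int) -> Callable[[int], bool]:
    """Constructed stand-in for 'run the test case on archived build <rev>':
    crashes for bad_from <= rev < fixed_from and records every build it was asked to run."""
    runs: List[int] = []

    def crashes(rev: int) -> bool:
        runs.append(rev)
        return bad_from <= rev < fixed_from

    crashes.runs = runs  # type: ignore[attr-defined]
    return crashes


if __name__ == "__main__":
    archive = list(range(100, 132))                    # constructed: 32 archived builds
    crashes = sample_crash_predicate(bad_from=110, fixed_from=125)
    print(find_ranges(archive, 118, crashes))         # ((109, 110), (124, 125))
    print("builds run:", len(set(crashes.runs)), "of", len(archive))
```

With a monotonic crash predicate the two bisections touch only O(log n) of the archived builds, which is what makes keeping years of builds per tool affordable to query; flaky crashes break the monotonicity assumption, so in practice each build should be run more than once before its verdict is trusted.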
The team also uses a project called “findit” to identify the culprit change list (CL) that introduced a regression. It compares the crash’s stack frames and crash lines against the files and lines each CL in the regression range changed, and ranks the CLs by how well they match.
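A toy version of that matching, added here as an example of the idea rather than Findit’s own algorithm: each CL in the regression range is scored by how many of the top stack frames fall inside lines it changed, with frames nearer the top of the stack weighted more heavily and a same-file-but-different-lines match counting for less. The file paths, line numbers and CL names are constructed sample data, and the candidate CL list is assumed to have already been narrowed to the regression range.

```python
"""Heuristic culprit-CL ranking from a crash stack (illustrative, not Findit's logic)."""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass
class Frame:
    file: str   # source file of the frame
    line: int   # line executing in that frame


@dataclass
class Change:
    cl: str                                        # change-list identifier (constructed)
    touched: Dict[str, List[Tuple[int, int]]]      # file -> inclusive (start, end) line ranges edited


def score_changes(frames: List[Frame], changes: List[Change],
                  max_depth: int = 5, same_file_weight: float = 0.25) -> List[Tuple[str, float]]:
    """Return (cl, score) pairs sorted best-first. Only the top max_depth frames are
    considered; frame k contributes 1/(k+1) for a line-range hit, or a fraction of
    that when the CL only touched the same file elsewhere."""
    scores: Dict[str, float] = {}
    for depth, frame in enumerate(frames[:max_depth]):
        weight = 1.0 / (depth + 1)                  # crashing frame weighs most
        for change in changes:
            ranges = change.touched.get(frame.file)
            if ranges is None:
                continue                            # CL never touched this file
            if any(start <= frame.line <= end for start, end in ranges):
                scores[change.cl] = scores.get(change.cl, 0.0) + weight
            else:
                scores[change.cl] = scores.get(change.cl, 0.0) + weight * same_file_weight
    return sorted(scores.items(), key=lambda kv: (-kv[1], kv[0]))


# Constructed sample: a crash stack and three CLs from a (hypothetical) regression range.
SAMPLE_FRAMES = [
    Frame("src/dom/node.cc", 412),
    Frame("src/dom/document.cc", 2380),
    Frame("src/render/frame.cc", 1501),
]
SAMPLE_CHANGES = [
    Change("cl-101", {"src/dom/node.cc": [(400, 430)]}),
    Change("cl-102", {"src/dom/node.cc": [(900, 910)], "src/dom/document.cc": [(2370, 2390)]}),
    Change("cl-103", {"src/net/socket.cc": [(10, 20)]}),
]


def suspected_cl(frames: List[Frame] = SAMPLE_FRAMES,
                 changes: List[Change] = SAMPLE_CHANGES) -> str:
    """Top-ranked CL, or an empty string when no CL touched any file on the stack."""
    ranked = score_changes(frames, changes)
    return ranked[0][0] if ranked else ""


if __name__ == "__main__":
    print(score_changes(SAMPLE_FRAMES, SAMPLE_CHANGES))   # [('cl-101', 1.0), ('cl-102', 0.75)]
    print("suspected:", suspected_cl())
```

A ranking like this is only a suggestion: the developer still verifies the suspect by reverting the CL or by reading the diff against the crashing line, which is why the report shows the suspected CL alongside the regression range rather than in place of it.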
A demo of their classifier tool follows: it lists crashes, produces a report for each test case, and shows the suspected CL alongside the crash parameters, whether the crash reproduces, whether it is treated as a security bug, and the regression range.
The speaker concludes by noting that all of the memory-debugging tools discussed are open source, and that the team’s ClusterFuzz code will be open-sourced in the next month or two.