Hackers of India

Analyzing Chrome crash reports at scale

Abhishek Arya

2015/02/06

Abstract

Clusterfuzz is Chrome’s open source distributed fuzzer that finds security bugs in real time (all with reproducible test cases!). In this talk, I’ll provide an overview of how Clusterfuzz uses 3000+ cores to fuzz Chrome across various platforms and find exploitable crashes before the black hats do. The talk will provide detailed statistics of the types of bugs found in Chrome and provide an insight into the trials and tribulations of distributed fuzzing, including how you can run your own fuzzers on our infrastructure and earn Chrome bounties for bugs your fuzzer finds! w00t!