Hackers of India

CALL OF DUTY: MODERN BROWSER WARFARE

 Dhiraj Mishra 

2019/10/14


Presentation Material

Abstract

The discussion will start with the importance of browsers, the need for security within them, my research and the vulnerabilities found, and finally a demonstration of a zero-day, along with other exploits and attacks, against browsers. The talk will conclude with a discussion of remediation efforts to protect against such attacks.

Over the years, reliance on browsers has increased manyfold. With the features provided by browsers, along with their numerous extensions and components, browsers have seen a huge increase in the number of users relying on them to reach different services. This provides a huge attack surface in which to research and identify potential vulnerabilities which can be exploited in order to improve defensive controls.

The talk I will be presenting is entirely my own research. While identifying vulnerabilities in web applications and participating in various bug bounty programs is interesting, I enjoy targeting platforms which are less popular as research topics. Having said that, while browser security is a known topic, I have been able to identify, through my research, several vulnerabilities which will help secure it further.

The issues I will be talking about fall within three specific domains: same-origin policy (SOP), RCE and Address Bar Spoofing (ABS). These vulnerabilities, along with the attack scenarios, are something I have created through my research. As a case study I will discuss an integer underflow vulnerability in Firefox (NSS). I have also created, from scratch, exploit code which can be used across several browsers for the same vulnerability. I will be showcasing multiple Metasploit modules I created during my research.

AI Generated Summary (may contain errors)


The speaker discusses various areas to explore in browser security, including:

  1. Fuzzing browsers, specifically the DOM (Document Object Model), using projects like Google Project Zero's DOM fuzzers.
  2. Sandbox escape techniques and same-origin policy bypasses, found through source code review of open-source web browsers.
  3. Participating in bug bounty programs specific to browsers, such as Brave's program.
  4. Setting up an isolated test environment and compiling open-source browsers with AddressSanitizer (ASan) so that memory-safety bugs are caught at the point of corruption rather than as a later, unrelated crash.

The speaker also answers questions from the audience:

  1. Can this type of exploit be executed remotely on browsers like Tor? The answer is yes, though it is unclear whether it can be executed remotely.
  2. Which browser is recommended for safe web browsing? Firefox Focus is suggested, with certain settings disabled.
  3. Does incognito or private browsing offer any security benefits? No; it only avoids saving history and cookies, and may itself have vulnerabilities.
  4. How much are typical bug bounties worth? It depends on the severity of the exploit, but payouts can range from $1,000 to six-figure dollar amounts.
  5. Is there a difference in the number of vulnerabilities detected between Firefox and Chrome? The speaker is unsure, as both browsers have similar lists of vulnerabilities.

Finally, the speaker answers questions about specific browser engines, such as Opera (which uses Chrome's engine) and Microsoft Edge (which, at the time of the talk, used ChakraCore).