WebAssembly is a new standard that allows assembly-like code to run in browsers at near-native speed. The presentation discusses the features of WebAssembly, vulnerabilities that occur in each feature, and the future of WebAssembly.
- WebAssembly is a binary format that starts with a magic number and a version, followed by a series of sections, each carrying an ID and a payload; together these sections define the code that executes.
- WebAssembly is motivated by the need for greater efficiency and safety in the browser.
- WebAssembly can be written using an assembler or by writing native code and compiling it.
- WebAssembly currently has limits on what can be compiled to it, but the long-term goal is to compile code written in any language to run on the web.
- WebAssembly has specific checks to maintain security properties, but there have been issues with tables and incorrect bounds checking.
- Future WebAssembly features, such as concurrency, will change its security landscape.
- Finding bugs in WebAssembly becomes more difficult at every stage, but there is still a possibility of runtime issues.
- WebAssembly has potential applications outside of the web, such as moving the Ethereum interpreter to WebAssembly.
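As an added example, not from the presentation, here is a small Python parser for the container layout described above: it checks the magic number and version, then walks the sections by ID and LEB128-encoded size, rejecting any section header whose claimed size exceeds the bytes actually present, which is the kind of bounds check the talk notes has gone wrong in practice. The SAMPLE_MODULE bytes are constructed here for the example, not taken from the talk.

```python
# Added example (not from the presentation): minimal parser for the WebAssembly
# binary container: magic number, version, then sections with a one-byte ID and
# a LEB128 payload size. Every size is checked against the bytes actually present,
# so a truncated module or a lying section header is rejected, not read past the end.
import struct

WASM_MAGIC = b"\x00asm"
WASM_VERSION = 1
SECTION_NAMES = {0: "custom", 1: "type", 2: "import", 3: "function", 4: "table",
                 5: "memory", 6: "global", 7: "export", 8: "start", 9: "element",
                 10: "code", 11: "data"}

def read_u32_leb128(buf, pos):
    """Decode an unsigned LEB128 u32 at buf[pos]; returns (value, next_pos)."""
    result, shift = 0, 0
    for i in range(5):  # a u32 needs at most 5 LEB128 bytes
        if pos + i >= len(buf):
            raise ValueError("truncated LEB128 at offset %d" % (pos + i))
        byte = buf[pos + i]
        result |= (byte & 0x7F) << shift
        if byte & 0x80 == 0:
            if result > 0xFFFFFFFF:
                raise ValueError("LEB128 value exceeds u32")
            return result, pos + i + 1
        shift += 7
    raise ValueError("LEB128 u32 longer than 5 bytes")

def parse_sections(module):
    """Return [(section_id, section_name, payload), ...] for a wasm binary."""
    if len(module) < 8 or module[:4] != WASM_MAGIC:
        raise ValueError("bad magic number")
    version = struct.unpack_from("<I", module, 4)[0]  # little-endian u32
    if version != WASM_VERSION:
        raise ValueError("unsupported version %d" % version)
    pos, sections = 8, []
    while pos < len(module):
        section_id = module[pos]
        size, pos = read_u32_leb128(module, pos + 1)
        if size > len(module) - pos:  # header claims more bytes than exist
            raise ValueError("section %d overruns module" % section_id)
        sections.append((section_id, SECTION_NAMES.get(section_id, "unknown"),
                         module[pos:pos + size]))
        pos += size
    return sections

# Constructed sample: one function of type () -> () whose body is only `end`.
SAMPLE_MODULE = bytes([
    0x00, 0x61, 0x73, 0x6D, 0x01, 0x00, 0x00, 0x00,   # magic "\0asm" + version 1
    0x01, 0x04, 0x01, 0x60, 0x00, 0x00,               # type section: 1 func type
    0x03, 0x02, 0x01, 0x00,                           # function section: type 0
    0x0A, 0x04, 0x01, 0x02, 0x00, 0x0B,               # code section: 0 locals, end
])
```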
One interesting issue with WebAssembly was found in V8, where a table could be changed dynamically during execution, causing a use-after-free vulnerability. This was fixed by detecting the situation and not allowing changes during a zone call. However, another way to reach the same issue was found: loading another WebAssembly instance into the same compartment, with initialization that would wipe out the last reference to the function. This was fixed by keeping a reference to the function for much longer than the table.