This 40-minute Black Hat presentation walks through the V8 exploit chain that security researchers from Palo Alto Networks used against Google Chrome and Microsoft Edge at Pwn2Own Vancouver 2024, breaking both V8 and the V8 Sandbox and ending Chrome's three-year undefeated run at the contest.

The talk shows how a single out-of-bounds read was turned into a highly reliable exploit with a near-perfect success rate, without needing an information leak. It then presents a V8 Sandbox escape that worked across all Chrome versions and branches, rather than relying, as earlier techniques did, on raw pointers left inside the V8 Sandbox.

Along the way, the speakers explain why exploiting Chrome's V8 JavaScript engine has become harder, in particular since the V8 Sandbox shipped as a beta in Chrome M123, and how they overcame these protections through careful manipulation of JavaScript objects.
Syllabus
Let the Cache Cache and Let the WebAssembly Assemble: Knockin' on Chrome's Shell
Taught by
Black Hat