WebAssembly Model Background

WebAssembly - JavaScript model

• Isolated memory space
• Direct access to memory ...developers are worried about it...they should
• No access to JavaScript objects directly

How to create WebAssembly modules?

• > 20 compilers
• Nobody writes pure WAT files
• EMSCRIPTEN is leading

Vulnerabilities

...with DEMOS

Buffer overflow

Function hijacking

• Function signature based checking ...DEMO
• emscripten_set_main_loop_arg function ...DEMO

Format string bug

Both contexts: front and backend

Reported in 2018 !!

Flash and Java in the browser...the same 20 years ago

How to prevent it?

• Two-way memory access encryption
• Cloud browser
• Sanitizing ...EMSCRIPTEN
• Adopt Rust
• Optimizing ! ...slumps