Carl Smith's Avatar

Carl Smith

@rwx.page.bsky.social

V8 Security @Google, Personal Account.

352 Followers  |  196 Following  |  4 Posts  |  Joined: 28.06.2023  |  1.7139

Latest posts by rwx.page on Bluesky

Post image

Congratulations to Carl Smith from v8 Security team and join Blackhat USA review board as guest reviewer. He is willing to share, open-minded, and a hardcore researcher and developer.

@rwx.page

20.02.2025 14:12 β€” πŸ‘ 2    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

Unfortunately not, we are planning on sharing more details in form of talks in the future though.

05.02.2025 15:53 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

And make sure to update to the latest swift version too!

04.02.2025 19:35 β€” πŸ‘ 1    πŸ” 0    πŸ’¬ 0    πŸ“Œ 0

Some slides discussing some of this work can be found here:
https://powerofcommunity.net/poc2024/Carl%20Smith,%20Fuzzing%20for%20complex%20bugs%20across%20languages%20in%20JavaScript%20Engines.pdf

04.02.2025 19:35 β€” πŸ‘ 3    πŸ” 0    πŸ’¬ 2    πŸ“Œ 0

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm!
Go check it out at https://github.com/googleprojectzero/fuzzilli.
While we still have a way to go in improving it, we think it shows a promising approach!

04.02.2025 19:34 β€” πŸ‘ 31    πŸ” 16    πŸ’¬ 1    πŸ“Œ 1
Preview
Chrome Vulnerability Reward Program Rules | Google Bug Hunters ATTENTION As of 4 February 2024, Chromium has migrated to a new issue tracker, please report security bugs to the new issue tracker using this form . Please see the Chrome VRP News and FAQ page for mo...

Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox

* No longer limited to d8

* Rewards for controlled writes increased to $20k

* Any memory corruption outside the sandbox is now in scope

bughunters.google.com/about/rules/...

Happy hacking!

13.11.2024 18:05 β€” πŸ‘ 27    πŸ” 10    πŸ’¬ 1    πŸ“Œ 0

Finally got around to publishing the slides of my talk @offensivecon.bsky.social from ~two weeks ago. Sorry for the delay!

The V8 Heap Sandbox: saelo.github.io/presentation...

Fantastic conference, as usual! :)

22.05.2024 19:01 β€” πŸ‘ 4    πŸ” 5    πŸ’¬ 0    πŸ“Œ 1
Preview
V8 Sandbox - Trusted Space V8 Sandbox - Trusted Space Author: saelo@ First Published: October 2023 Last Updated: October 2023 Status: Living Doc Visibility: PUBLIC This document is part of the V8 Sandbox Project and discusses...

Here's another V8 sandbox design document, this time discussing how sensitive ("trusted") V8-internal objects (such as BytecodeArrays) can be protected: docs.google.com/document/d/1...
This should be one of the last pieces of infrastructure required for the sandbox.

20.10.2023 13:34 β€” πŸ‘ 7    πŸ” 2    πŸ’¬ 1    πŸ“Œ 0
Post image

One day, @rwx.page and me got bored and built a tiny command line game with 0 deps in πŸ¦€.

`cargo install quarto`

It's not much but it's honest work :)
https://github.com/domenukk/quarto_rs

12.08.2023 00:34 β€” πŸ‘ 1    πŸ” 1    πŸ’¬ 0    πŸ“Œ 0

@rwx.page is following 20 prominent accounts