The V8 Heap Sandbox by Samuel Gross

https://www.youtube.com/watch?v=5otAw81AHQ0

Finally managed to watch this (h/t @swapgs for the reminder), some things that struck me:

• Browsers are OS’s and now they demand CPU features for security
• We need security boundaries that are testable - so happy to see this concept implemented at such a fundamental component!

Also, make sure to watch the Q&A part :D

#OffensiveCon24

@buherator @swapgs your link to the silentsignal blog reminds me… did you hear we increased the bounty for sandbox escapes last year?

@freddy @swapgs thanks, it was a detour really, but I hope I'll get back to the topic sometime :)