Congratulations to Carl Smith from v8 Security team and join Blackhat USA review board as guest reviewer. He is willing to share, open-minded, and a hardcore researcher and developer. @rwx.page

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm! Go check it out at https://github.com/googleprojectzero/fuzzilli. While we still have a way to go in improving it, we think it shows a promising approach!

Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox * No longer limited to d8 * Rewards for controlled writes increased to $20k * Any memory corruption outside the sandbox is now in scope bughunters.google.com/about/rules/... Happy hacking!

Finally got around to publishing the slides of my talk @offensivecon.bsky.social from ~two weeks ago. Sorry for the delay! The V8 Heap Sandbox: saelo.github.io/presentation... Fantastic conference, as usual! :)

Here's another V8 sandbox design document, this time discussing how sensitive ("trusted") V8-internal objects (such as BytecodeArrays) can be protected: docs.google.com/document/d/1... This should be one of the last pieces of infrastructure required for the sandbox.

One day, @rwx.page and me got bored and built a tiny command line game with 0 deps in 🦀. `cargo install quarto` It's not much but it's honest work :) https://github.com/domenukk/quarto_rs