BLACK HAT USA 2017 – CALL FOR TRAININGS IS OPEN

Interested in training at Black Hat USA 2017? Submit by December 14, 2016.


Google Native Client - Analysis Of A Secure Browser Plugin Sandbox by Chris Rohlf

Native Client is Google's attempt at bringing millions of lines of existing C/C++ code to the Chrome web browser in a secure sandbox through a combination of software fault isolation, a custom compiler toolchain and a secure plugin architecture. Sound challenging? It is! Native Client isn't a typical browser extension and it certainly isn't ActiveX. Native Client allows for all sorts of applications to run inside in your browser, everything from games to PDF readers. In this talk I will cover the basics of the Native Client sandbox and general security relevant architecture including PPAPI (the replacement for NPAPI), vulnerabilities I discovered via source review in the PPAPI interface and finally a tool that dynamically generates code to fuzz the Native Client PPAPI interfaces based on the IDL (Interface Description Language) files found in the Chrome source tree.

Event: Black Hat USA 2012

Please check out the rest of our archived videos on our YouTube channel

UpcomingEvents

  • Black Hat Asia 2017
    March 28-31, 2017
  • Black Hat USA 2017
    July 22-27, 2017
  • Black Hat Europe 2017
    December 4-7, 2017

ShowCoverage

StayConnected

Fill out the form below to stay up to date on the latest Black Hat info, newsletters and intel.

Email*
First Name
Last Name
Subscription Group

Sustaining Partners