Browser Hacking

In late 2018, I became fastinated with browser security. At the time, I was a pen tester for AWS, but browser bug hunting was out of my scope of work. I decided to do some research on my own time and ended up finding a few zero-day bugs in Safari and Chrome.

Universal Cross-Site Scripting (UXSS)

UXSS is a bug that undermines the most important browser responsibility - enforcing Same Origin Policy (SOP). It's the fundamental promise that your browser will keep track of what is evil.com and what is yourbank.com. Over the course of 2 months, I found a dozen different ways to confuse Safari into breaking this promise. My research resulted in 7 UXSS CVE's and 3 'Additional recognition' shoutouts.

Safari Reader

CVE-2018-4374
CVE-2018-4377
CVE-2019-6228
CVE-2019-6204
CVE-2019-8505

WebKit

CVE-2019-6229
CVE-2019-8551

Bonus Bugs

During my UXSS hunt, I stumbled upon a few bugs that impacted other browsers. So far, only the Chrome 'Insufficient policy enforcement in Navigation' bug has been disclosed.

Chrome

CVE-2018-20069