Ned Williamson is an independent security researcher who started by playing CTFs, then transitioned to console hacking and vulnerability research.
[Abstract]
==========
Since the win32k lockdown on the Chrome renderer process, escaping the Chrome sandbox on Windows has become much harder. The most recent successful competition exploit occurred in 2015.
While everyone was focusing on win32k, the security of the Chrome sandbox over IPC went overlooked. By applying new fuzzing strategies many vulnerabilities can be revealed, one of which I used to demonstrate a full chain exploit at Hack2Win this year with the help of saelo and niklasb. In this talk I hope to show how I found these bugs by using targeted fuzzing in a way that was easy to setup but reliably had great results, and briefly cover how we leveraged one use after free bug to fully escape the sandbox.