Automating Use-After-Free Detection
video
Abstract
This talk presents a novel research project aimed at detecting Use-After-Free (UAF) vulnerabilities in large-scale native applications, specifically targeting the Chromium browser. The speaker proposes a six-step detection pipeline that moves beyond probabilistic fuzzing by hooking deallocators, scanning thread stacks for dangling pointers in real time, and using stack unwinding to identify the owning functions. The research highlights the challenge of "ownership transfer" and proposes integrating the angr symbolic execution framework to find viable execution paths from the point at which the memory is freed to the point of illegal use.
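The core of the pipeline described above is the pairing of a deallocator hook with a stack scan: every freed block is recorded, and any stack slot still holding an address inside a recorded block is a dangling-pointer candidate. The C program below is an added illustration of that step, not code from the talk or from Chromium. It assumes a quarantine-style registry (freed blocks are held back rather than returned to the allocator, so addresses are not reused mid-scan) and stands in for the thread stack with a constructed array of words; interior pointers into a freed block are counted as hits, since those are exactly what a real scan has to catch.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

#define MAX_FREED 64

/* One block that passed through the hooked deallocator and is now quarantined. */
struct freed_range {
    void *start;
    size_t len;
};

static struct freed_range g_freed[MAX_FREED];
static size_t g_nfreed = 0;

/* Stand-in for the deallocator hook (assumption: caller supplies the size).
 * The block is recorded and held in quarantine instead of being freed at once,
 * so the allocator cannot hand the same address out again before the scan. */
static void tracked_free(void *p, size_t len) {
    if (p == NULL || g_nfreed >= MAX_FREED) {
        free(p);            /* registry full: fall back to a plain free */
        return;
    }
    g_freed[g_nfreed].start = p;
    g_freed[g_nfreed].len = len;
    g_nfreed++;
}

/* Really free everything held in quarantine and clear the registry. */
static void release_quarantine(void) {
    for (size_t i = 0; i < g_nfreed; i++)
        free(g_freed[i].start);
    g_nfreed = 0;
}

/* Does the word look like a pointer into any recorded freed block? */
static int points_into_freed(uintptr_t w) {
    for (size_t i = 0; i < g_nfreed; i++) {
        uintptr_t lo = (uintptr_t)g_freed[i].start;
        if (w >= lo && w < lo + g_freed[i].len)
            return 1;
    }
    return 0;
}

/* Scan a word-aligned region (here a constructed stand-in for a thread's
 * stack) and count the slots holding a pointer into a freed block. */
static size_t scan_for_dangling(const uintptr_t *words, size_t nwords) {
    size_t hits = 0;
    for (size_t i = 0; i < nwords; i++)
        if (points_into_freed(words[i]))
            hits++;
    return hits;
}

/* Constructed scenario: two heap objects, one of which is freed while a fake
 * stack frame still holds its base pointer and an interior pointer into it. */
static size_t demo_scan(void) {
    char *live = malloc(32);
    char *stale = malloc(32);
    if (live == NULL || stale == NULL) {
        free(live);
        free(stale);
        return 0;
    }
    uintptr_t frame[4];
    frame[0] = (uintptr_t)live;         /* valid: object still alive */
    frame[1] = (uintptr_t)stale;        /* dangling: base of freed block */
    frame[2] = (uintptr_t)(stale + 8);  /* dangling: interior pointer */
    frame[3] = 0;                       /* not a pointer at all */

    tracked_free(stale, 32);
    size_t hits = scan_for_dangling(frame, 4);

    release_quarantine();
    free(live);
    return hits;   /* 2: the base pointer and the interior pointer */
}

int main(void) {
    printf("dangling slots found: %zu\n", demo_scan());
    return 0;
}
```

In a real deployment the words would come from the live stack bounds of each thread, and each hit would be handed to the unwinder to name the frame that owns the slot; the quarantine is what keeps a hit meaningful, since without it the freed address may already belong to a new, legitimately referenced object.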