Carl Smith
@cffsmith
V8 Security @Google/@v8js; @FluxFingers/@Sauercl0ud; previously Intern {Project Zero, @XI_Research}. Personal account. http://rwx.page on Bluesky.
Uploaded my slides from POC2024. I'll soon be giving a slightly shorter version of the same talk on CODE BLUE 2024 too. github.com/leesh3288/talk…
I'm giving a talk at POC2024 (Nov. 7, Korea) and CODE BLUE 2024 (Nov. 14, Japan) on my VR adventures on Wasm engines in browsers (mostly Chrome). Unfortunately I can't talk about ~10 recent bugs, but there will still be several others and a whopping 10 v8sbx bypasses to share :)
If you have a machine with PKEY support and a recent Linux kernel, you can now play around with hardware support for the V8 sandbox. When active, JS + Wasm code has no write permissions outside the sandbox address space. To enable it, set `v8_enable_sandbox_hardware_support = true`.
I've also updated our V8 Exploit Tracker sheet now: docs.google.com/document/d/1nj… (see the 2025 tab) :)
...and now, introducing Part 6 of @j00ru's work on the Windows Registry: googleprojectzero.blogspot.com/2025/04/the-wi… 📖👀
Part 5 of @j00ru's Windows Registry Adventure is out! googleprojectzero.blogspot.com/2024/12/the-wi… Incredible depth of knowledge on display, and good to see it shared as a reference with the world ❤️
My writeup of the 2023 NSO in-the-wild iOS zero-click BLASTDOOR webp exploit: Blasting Past Webp - googleprojectzero.blogspot.com/2025/03/blasti…
Senior Software Engineer, V8 Bug Detection: google.com/about/careers/…
Software Engineer II, V8 Bug Detection: google.com/about/careers/…
V8 Security is hiring in Warsaw! If you want to work on improving our JavaScript and Wasm fuzzers, check out the links below!
I tweeted before about the Apple CoreAudio issues found by Google TAG. Well, the fuzz harness used to find these issues is now included in the Jackalope examples, see github.com/googleprojectz…. Happy fuzzing! :)
The latest Apple security update contains fixes for three CoreAudio issues (CVE-2025-24160, CVE-2025-24161, CVE-2025-24163). These were found by the Google Threat Analysis Group using the Jackalope fuzzer.
Congratulations to Carl Smith from the V8 Security team on joining the Black Hat USA review board as a guest reviewer. He is willing to share, and is an open-minded, hardcore researcher and developer. @cffsmith @BlackHatEvents
meow meow meow meow meow meowwww
What kind of email is she sending?
"Invariant inversion" in memory-unsafe languages pacibsp.github.io/2024/invariant…
"Advanced Fuzzing With LibAFL" given by @domenuk | Room E - MainTrack #EKO2024 🔥
Chrome VRP update! V8 Sandbox Bypass Rewards have been expanded to include demonstrated memory corruption outside the V8 sandbox in any active release channel build of Chrome or V8. A valid submission of demonstrated (cont) spklr.io/l/6016xE8E
#VXCON 3 days to go. Please join us to meet the best line-up of hackers. vxcon.hk @vxresearch @alisaesage @cffsmith @shipcod3 @krNeoTra @onlyxwings @redragonvn @vv474172261 @vkamluk @div0_sg Emil Tan @Emil0xA Dennis Kim SoBoris
#POC2024 Carl Smith (@cffsmith) - Fuzzing for complex bugs across languages in JavaScript Engines 🏎️
Hack.lu CTF starts in 24 hours ⏳ We prepared some banger challenges you don't want to miss! Register now: flu.xxx/register