awesome-browser-security

A curated list of awesome browser security learning material.
https://github.com/cezary-sec/awesome-browser-security

Last synced: 4 days ago
JSON representation

1. General introductions
- Preferred sources
  - Chromium security website - lots of useful documents that will paint you a good picture of this highly nuanced domain.
  - Chrome University - YT playlist of introductory talks on various aspects of Chromium development. Talks on security, browser's anatomy, mojo, and browser's process are must-have.
  - Web Browser Engineering
  - High Performance Browser Networking - free book on browser networking.
  - Michal Zalewski - a bit dated, but still mostly relevant.
  - Chrome University - YT playlist of introductory talks on various aspects of Chromium development. Talks on security, browser's anatomy, mojo, and browser's process are must-have.
  - Michal Zalewski - a bit dated, but still mostly relevant.
- Architecture
  - The Security Architecture of the Chromium Browser
  - Mojo
- Security assessments
  - Cure53 Browser Security White Paper
  - X41 Browser Security White Paper - Sec](https://x41-dsec.de/).
- Key concepts
  - Public Suffix List (PSL) - what PSL is and what are its known use cases.
  - HTTP State Tokens - interesting statement on the tragedy of cookies and how it could be solved.
  - Public Suffix List Problems - excellent article on why PSL should be discontinued.
2. Security challenges and corresponding mitigations
- Memory safety
  - Introduction to Chromium's memory safety
  - V8 Sandbox - External Pointer Sandboxing - new hardening measures for V8.
  - MiraclePtr One Pager
  - MiraclePtr The UaF Slayer [BlinkOn 16
  - PartitionAlloc Design
  - Experimenting with Rust in Chromium
  - Retrofitting Temporal Memory Safety on C++
- Spectre
- Transport security
- Cross Site Scripting (XSS)
  - Cross-site scripting - good introduction to the problem.
  - Content Security Policy 1.0
  - Content Security Policy Level 2
  - Trusted Types
  - HTML Sanitizer API
- Cross Site Request Forgery (CSRF)
  - Cross-site request forgery (CSRF) - good introduction to the problem.
- Cross Site Leaks (XS-Leaks)
- Extensions
  - An Evaluation of the Google Chrome Extension Security Architecture
  - Cursed Chrome - a Chrome-extension implant that turns victim Chrome browsers into fully-functional HTTP proxies. By using the proxies this tool creates you can browse the web authenticated as your victim for all of their websites.
- URL bar security
  - Internationalized Domain Names (IDN) in Google Chrome
- Private Network Access
  - How to win at CORS
  - Private Network Access
3. Attacks on browsers
- Private Network Access
  - Chrome Browser Exploitation, Part 1: Introduction to V8 and JavaScript Internals
  - Chrome Browser Exploitation, Part 2: Introduction to Ignition, Sparkplug and JIT Compilation via TurboFan
  - OffensiveCon22 - Samuel Gross and Amanda Burnett - Attacking JavaScript Engines in 2022
  - Browser security YT playlist - [Patrick Ventuzelo](https://twitter.com/Pat_Ventuzelo).
  - In-the-Wild Series: Chrome Exploits
  - Awesome browser exploit - collection of various materials on browser exploitation.
  - Browser security YT playlist - [Patrick Ventuzelo](https://twitter.com/Pat_Ventuzelo).
4. Misc
- Private Network Access
  - Part 1. The Same Origin Policy - QhZa4) by [LiveOverflow](https://twitter.com/LiveOverflow).
  - Web Application Security Working Group's repo
  - Browser security research
5. Contributors
- Private Network Access
  - Diego Porras
  - Diego Porras

Programming Languages

HTML 2 JavaScript 1 Bikeshed 1

Categories

2. Security challenges and corresponding mitigations 31 1. General introductions 14 3. Attacks on browsers 7 4. Misc 3 5. Contributors 2

Sub Categories

Private Network Access 14 Memory safety 7 Preferred sources 7 Spectre 5 Transport security 5 Cross Site Scripting (XSS) 5 Cross Site Leaks (XS-Leaks) 3 Key concepts 3 Security assessments 2 Architecture 2 Extensions 2 Cross Site Request Forgery (CSRF) 1 URL bar security 1

Keywords

browser-exploitation 2 browser-security 1 awesome-list 1 awesome 1