|
|
|
|
|
|
by kaba0
1489 days ago
|
|
|
> but the worst an exploiter can do is hit the edge of the sandbox and crash your application, instead of pwning the user's system. That is still exploitable. Let’s say you have a web app and the js code interacts with the wasm output - if the latter is exploitable, js code may be as well and it can be catastrophic if it is some deeply personal thing, or your bank account. And that can all be controlled by data alone, e.g. if it is a PDF converter or something. |
|
|