Javascript Exploits
Awesome Browser Exploit Github
How it Works
Fuzzing
The Power-Of Pair
Browser Fuzzing
Taking Browsers Fuzzing To The Next (DOM) Level
DOM fuzzer - domato
browser fuzzing framework - morph
browser fuzzing and crash management framework - grinder
Browser Fuzzing with a Twist
Browser fuzzing - peach
Learn Fuzzing from Scratch Series: The Birth of the Browser Vulnerability Hunting Framework Morph (Chinese)
A Review of Fuzzing Tools and Methods
Writeup and Exploit Tech
it-sec catalog browser exploitation chapter Dead Link
2014 - Smashing The Browser: From Vulnerability Discovery To Exploit
smash the browser
JS library for writing exploits
Pwn2Own 2017: UAF in JSC::CachedCall
Collections
Browser logic-based vulnerabilities DB
Case Study of JavaScript Engine Vulnerabilities
Chrome v8
How it Works
v8 github mirror(docs within)
on-stack replacement in v8
A tour of V8: Garbage Collection
A tour of V8: object representation
v8 fast properties
learning v8
Write ups and Exploits
Mobile Pwn2Own Autumn 2013 - Chrome on Android - Exploit Writeup
Exploit an OOB bug in newer version of V8
IE
How it Works
Microsoft Edge MemGC Internals
Your Chakra Is Not Aligned
Write ups and Exploits
2014 - Write Once, Pwn Anywhere
2014 - IE 11 0day & Windows 8.1 Exploit
2014 - IE11 Sandbox Escapes Presentation
2015 - Spartan 0day & Exploit
2015 - The Art of Browser Vulnerability Attack and Defense (Chinese)
2016 - Windows 10 x64 edge 0day and exploit
2017 - 1-Day Browser & Kernel Exploitation
2017 - From Out of Memory to Remote Code Execution
2019 - Pwn2Own 2019: Microsoft Edge Renderer Exploitation (CVE-2019-0940). Part 1
IE Mitigation
Public slides and demo code of bypassing security protection in the latest Windows Internet Explorer.
2017 - CROSS THE WALL-BYPASS ALL MODERN MITIGATIONS OF MICROSOFT EDGE
Browser security mitigations against memory corruption vulnerabilities
Browsers and app specific security mitigation (Russian) part 1
Browsers and app specific security mitigation (Russian) part 2
Browsers and app specific security mitigation (Russian) part 3
Webkit
Write ups and Exploits
Attacking JavaScript Engines: A case study of JavaScriptCore and CVE-2016-4622
setAttributeNodeNS UAF
How it Works
JSC loves ES6
JavaScriptCore, the WebKit JS implementation
saelo’s Pwn2Own 2018 Safari + macOS
Write ups and Exploits
Attacking WebKit Applications by exploiting memory corruption bugs
Firefox
OR’LYEH? The Shadow over Firefox
Remote Code Execution in Firefox beyond memory corruptions
Write ups and Exploits
CVE-2018-5129: Out-of-bounds write with malformed IPC messages Dead Link
Safari
Pwn2Own 2017: UAF in JSC::CachedCall (WebKit)
365 Days Later: Finding and Exploiting Safari Bugs using Publicly Available Tools
Attribution is hard — at least for Dock: A Safari sandbox escape & LPE