WebAssembly is a type of code designed to run in modern web browsers. It runs alongside JavaScript through the WebAssembly JavaScript APIs, creating an option for performance-critical functionality.
Because WebAssembly (WASM) increases the browser's attack surface, browsers contain WASM inside the browser's sandbox and restrict system access.
One risk may be breaking out of the sandbox. Adobe Flash was a product that was sandboxed after a bunch of exploits, and exploits still occurred after sandboxing.
Transmission of WASM does not require TLS, HSTS or any other transport layer security mechanism, making it susceptible to man-in-the-middle attacks.
Integrity checking is also impossible as WASM modules need not be signed by the author.
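Since the module itself carries no signature to verify, a page that wants a check has to supply its own. The following is an added example, not code from this post: it pins a SHA-256 digest and refuses to compile bytes that do not match. The helper name `instantiateVerified` and the sample module are constructed for illustration, and the sketch assumes the page and the pinned digest themselves arrive over an authenticated channel.

```javascript
// Added example: verify a pinned SHA-256 digest before compiling a WASM module.
// In a browser, crypto.subtle is used; the require() fallback is only for Node.
const subtle = globalThis.crypto?.subtle ?? require('node:crypto').webcrypto.subtle;

// Constructed sample: minimal module exporting add(i32, i32) -> i32.
const TRUSTED_WASM = new Uint8Array([
  0x00, 0x61, 0x73, 0x6d, 0x01, 0x00, 0x00, 0x00,                   // magic, version
  0x01, 0x07, 0x01, 0x60, 0x02, 0x7f, 0x7f, 0x01, 0x7f,             // type section
  0x03, 0x02, 0x01, 0x00,                                           // function section
  0x07, 0x07, 0x01, 0x03, 0x61, 0x64, 0x64, 0x00, 0x00,             // export "add"
  0x0a, 0x09, 0x01, 0x07, 0x00, 0x20, 0x00, 0x20, 0x01, 0x6a, 0x0b, // code section
]);

async function sha256Hex(bytes) {
  const digest = await subtle.digest('SHA-256', bytes);
  return Array.from(new Uint8Array(digest), b => b.toString(16).padStart(2, '0')).join('');
}

// Hypothetical helper: hash the full buffer first, compile only on a match.
// In a page, `bytes` would come from fetch(url).then(r => r.arrayBuffer()),
// which means giving up WebAssembly.instantiateStreaming for this module.
async function instantiateVerified(bytes, expectedHex, imports = {}) {
  const actual = await sha256Hex(bytes);
  if (actual !== expectedHex.toLowerCase()) {
    throw new Error(`WASM digest mismatch: expected ${expectedHex}, got ${actual}`);
  }
  const { instance } = await WebAssembly.instantiate(bytes, imports);
  return instance;
}

async function demo() {
  // Publisher side: compute the pin once from the known-good build.
  const pin = await sha256Hex(TRUSTED_WASM);
  const instance = await instantiateVerified(TRUSTED_WASM, pin);

  // Constructed copy with one byte altered in transit (i32.add -> i32.sub).
  const tampered = TRUSTED_WASM.slice();
  tampered[tampered.length - 2] = 0x6b;
  let tamperedRejected = false;
  try {
    await instantiateVerified(tampered, pin);
  } catch (e) {
    tamperedRejected = /digest mismatch/.test(e.message);
  }
  return { sum: instance.exports.add(2, 3), tamperedRejected };
}
```

The altered copy is still a structurally valid module, so only the digest comparison stops it from being compiled.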
Some security-focused browser configurations can block WASM.