Aaron's Note

Hello! I am Seongjoon (Aaron) Cho, an offensive security researcher based in South Korea. Currently, I am focused on browser vulnerability research, specifically targeting the V8 JavaScript engine.
I created this blog to share my experiences and knowledge in a free-form, unstructured way. If my notes can help even one person, I’ll be happy. I’m an enthusiastic learner who is always looking to improve, so please feel free to reach out if you notice any mistakes or have feedback.

Find me on , , and .

Writing

2024-02-04
Escaping V8 Sandbox via WebAssembly JIT Spraying: Part 2 (11.0.4 <= V8 < 12.2.170)
2024-02-03
Escaping V8 Sandbox via WebAssembly JIT Spraying (V8 < 10.6.24)
2023-04-30
Escaping the V8 Sandbox by Overwriting WebAssembly Jump Table via TypedArray or ArrayBuffer: Part 2 (10.0.138 <= V8 < 10.3.163)
2023-04-29
Escaping the V8 Sandbox by Overwriting WebAssembly Jump Table via TypedArray or ArrayBuffer (V8 < 10.0.138)