
New project: chrome-wasm-fuzzer

Open · not2dayred-max opened this issue 2 months ago • 1 comment

This is a dedicated fuzz target for Chrome's V8 WebAssembly parser. The fuzzer uses libprotobuf-mutator to generate malformed WASM modules, aiming to find OOB writes, type confusion, and JIT crashes.

  • Language: C++
  • Fuzzing Engine: libfuzzer
  • Sanitizers: AddressSanitizer, UndefinedBehaviorSanitizer
  • Dependencies: Base V8 components (handled in BUILD.gn)
  • Why this? WASM is a high-risk area for Chrome (15+ CVEs in 2025); this targets instantiate and compile paths.

Ready for integration. Let me know if adjustments are needed.

not2dayred-max avatar Nov 06 '25 20:11 not2dayred-max
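As an added illustration of the shape such a target takes (this is example code written for this page, not the submitter's fuzzer and not part of oss-fuzz or V8): a libFuzzer entry point driving a small, bounds-checked WebAssembly binary section walker. The walker stands in for the V8 compile/instantiate entry a real harness would call; V8 and libprotobuf-mutator are deliberately not used so the file builds and runs on its own. The `WalkModule`, `WalkBytes` and `ReadVarU32` names are this example's own.

```cpp
// Added example (not from the issue or the oss-fuzz project): a libFuzzer-style
// entry point over a minimal, bounds-checked WebAssembly section walker.
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

namespace wasm_walk {

// Decode an unsigned LEB128 value (used for section sizes in WASM binaries).
// Returns false on truncation, over-long encodings, or values above 32 bits.
static bool ReadVarU32(const uint8_t* data, size_t size, size_t* pos, uint32_t* out) {
  uint32_t result = 0;
  for (int shift = 0; shift < 35; shift += 7) {
    if (*pos >= size) return false;                 // truncated input
    uint8_t byte = data[(*pos)++];
    result |= static_cast<uint32_t>(byte & 0x7f) << shift;
    if ((byte & 0x80) == 0) {
      // Bits 32..34 of the fifth byte do not fit in a uint32_t.
      if (shift == 28 && (byte & 0x70) != 0) return false;
      *out = result;
      return true;
    }
  }
  return false;                                      // more than 5 bytes
}

// Walk a module: 8-byte header, then (id, size, payload) sections.
// Returns the number of sections seen, or -1 for a malformed module.
int WalkModule(const uint8_t* data, size_t size) {
  static const uint8_t kHeader[8] = {0x00, 'a', 's', 'm', 0x01, 0x00, 0x00, 0x00};
  if (size < sizeof(kHeader) || std::memcmp(data, kHeader, sizeof(kHeader)) != 0) {
    return -1;                                       // bad magic or version
  }
  size_t pos = sizeof(kHeader);
  int sections = 0;
  while (pos < size) {
    uint8_t id = data[pos++];
    if (id > 12) return -1;                          // core spec section ids are 0..12
    uint32_t len = 0;
    if (!ReadVarU32(data, size, &pos, &len)) return -1;
    // The check a naive parser gets wrong: the section may not claim more
    // bytes than remain. Written as a subtraction so it cannot overflow.
    if (len > size - pos) return -1;
    pos += len;                                      // skip the payload
    ++sections;
  }
  return sections;
}

// Convenience wrapper for tests and for constructed sample modules.
int WalkBytes(const std::vector<uint8_t>& module) {
  return WalkModule(module.data(), module.size());
}

}  // namespace wasm_walk

// libFuzzer entry point: the engine hands every mutated input here. Memory
// errors inside the walker are reported by ASan; the return value is ignored.
extern "C" int LLVMFuzzerTestOneInput(const uint8_t* data, size_t size) {
  wasm_walk::WalkModule(data, size);
  return 0;
}
```

Built with `clang++ -fsanitize=fuzzer,address,undefined`, libFuzzer supplies `main` and feeds `LLVMFuzzerTestOneInput`; the same entry point is what an oss-fuzz build script produces, with the real parser in place of the walker.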

Do you work on this project? I think you should probably upstream this target since v8 is fuzzed in Chrome

jonathanmetzman avatar Nov 26 '25 22:11 jonathanmetzman