GOOGLE NATIVE CLIENT - ANALYSIS OF A SECURE BROWSER PLUGIN SANDBOX

Black Hat USA 2012

Presented by: Chris Rohlf
Date: Wednesday July 25, 2012
Time: 11:45 - 12:45
Location: Augustus I+II
Track: Upper Layers

Native Client is Google's attempt at bringing millions of lines of existing C/C++ code to the Chrome web browser in a secure sandbox through a combination of software fault isolation, a custom compiler toolchain and a secure plugin architecture. Sound challenging? It is! Native Client isn't a typical browser extension and it certainly isn't ActiveX. Native Client allows all sorts of applications to run inside your browser, everything from games to PDF readers. In this talk I will cover the basics of the Native Client sandbox and the general security-relevant architecture, including PPAPI (the replacement for NPAPI), vulnerabilities I discovered via source review in the PPAPI interface and, finally, a tool that dynamically generates code to fuzz the Native Client PPAPI interfaces based on the IDL (Interface Description Language) files found in the Chrome source tree.

Chris Rohlf

Chris Rohlf has been working in computer security for nearly a decade and is currently an Independent Security Consultant and President of Leaf Security Research (Leaf SR). Prior to founding Leaf SR, Chris was a principal security consultant at Matasano Security in NYC. He has spent the last 10 years as a security researcher, consultant, developer and engineer for organizations including the US Department of Defense. He has spoken at industry conferences including BlackHat Vegas 2009 and 2011, guest lectured at NYU Poly in Brooklyn, NY, has been published in IEEE Security and Privacy magazine and is occasionally quoted by various media outlets. His security advisories cover every major web browser, operating systems and more.
