The Browser Security Breakthrough That Made UAF Exploits Harder
Looking back at my time on the Chakra and the OG Edge team, few projects I worked on feel as consequential to my development as an engineer as MemGC (Memory Garbage Collection). In the 2014-16 time period, the largest number of security bugs filed against Internet Explorer were Use-After-Frees (UAFs).
MemGC was our architectural response: a garbage collector designed not just for performance, but as a hard security boundary. It was good enough that it received praise from Google Project Zero: "MemGC is an example of a useful mitigation that results in a clear positive real-world impact". I do love quoting this.
The Core Idea: Turning UAF into a GC Problem
Before MemGC, we tried mitigations like Isolated Heap and Delay Free. They were clever "band-aids" that made exploitation harder but didn't solve the...
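To make the "Delay Free" idea concrete, here is an added toy illustration (not Edge's or Chakra's allocator, and not from the original post): a fixed-slot arena whose free path either hands a slot straight back to the free list or parks it in a short quarantine first. The quarantine length, the poison byte written into freed slots and the first-fit policy are all assumptions chosen for the demo. The point it shows is the one the mitigation relies on: with immediate reuse, the next same-sized allocation lands in the freed slot, so a stale pointer now aliases a fresh object; with deferred reuse, the stale pointer keeps pointing at poisoned memory until several more frees have happened.

```c
/* Added illustration of "Delay Free" (hypothetical code, not the Edge/Chakra
 * allocator): a toy fixed-slot arena whose free() either releases a slot at
 * once or holds it in a small quarantine before it can be reused. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SLOT_SIZE      32
#define SLOT_COUNT     8
#define QUARANTINE_LEN 4     /* assumed: frees held back before a slot is reusable */
#define POISON         0xDD  /* assumed: pattern written into freed memory */

typedef struct {
    uint8_t storage[SLOT_COUNT][SLOT_SIZE];
    bool    in_use[SLOT_COUNT];          /* true while live OR quarantined */
    int     quarantine[QUARANTINE_LEN];  /* ring buffer of slot indices */
    int     qhead, qcount;
    bool    delay_free;
} slab_t;

void slab_init(slab_t *s, bool delay_free) {
    memset(s, 0, sizeof *s);
    s->delay_free = delay_free;
}

static int slot_index(const slab_t *s, const void *p) {
    ptrdiff_t off = (const uint8_t *)p - &s->storage[0][0];
    return (int)(off / SLOT_SIZE);
}

/* First-fit allocation: the lowest slot that is neither live nor quarantined. */
void *slab_alloc(slab_t *s) {
    for (int i = 0; i < SLOT_COUNT; i++) {
        if (!s->in_use[i]) {
            s->in_use[i] = true;
            memset(s->storage[i], 0, SLOT_SIZE);
            return s->storage[i];
        }
    }
    return NULL;
}

/* Free: poison the slot, then either release it now or queue it. When the
 * quarantine is full, the oldest queued slot finally becomes reusable. */
void slab_free(slab_t *s, void *p) {
    int idx = slot_index(s, p);
    memset(s->storage[idx], POISON, SLOT_SIZE);
    if (!s->delay_free) { s->in_use[idx] = false; return; }
    if (s->qcount == QUARANTINE_LEN) {
        int oldest = s->quarantine[s->qhead];
        s->in_use[oldest] = false;
        s->qhead = (s->qhead + 1) % QUARANTINE_LEN;
        s->qcount--;
    }
    s->quarantine[(s->qhead + s->qcount) % QUARANTINE_LEN] = idx;
    s->qcount++;
}

/* Scenario: object A is freed but a stale pointer to it survives, then a
 * same-sized object B is allocated. Returns true when B lands in A's old
 * slot, i.e. when a stale read of A would now observe B's contents. */
bool stale_pointer_aliases_new_object(bool delay_free) {
    slab_t s;
    slab_init(&s, delay_free);
    char *a = slab_alloc(&s);
    memcpy(a, "object A", 9);
    slab_free(&s, a);                 /* a is now dangling */
    char *b = slab_alloc(&s);
    memcpy(b, "object B", 9);
    return a == b;
}

/* The first byte that the stale pointer reads in the same scenario: B's data
 * with immediate reuse, the poison byte with delayed reuse. (Reading the
 * arena's own static storage keeps this deterministic and well-defined.) */
int byte_seen_through_stale_pointer(bool delay_free) {
    slab_t s;
    slab_init(&s, delay_free);
    uint8_t *a = slab_alloc(&s);
    slab_free(&s, a);
    uint8_t *b = slab_alloc(&s);
    b[0] = 'B';
    return a[0];
}

int slots_available(const slab_t *s) {
    int n = 0;
    for (int i = 0; i < SLOT_COUNT; i++) if (!s->in_use[i]) n++;
    return n;
}

/* Allocate and free n objects in delayed mode; shows that quarantined slots
 * are only recycled once QUARANTINE_LEN further frees have pushed them out. */
int free_slots_after_n_frees(int n) {
    slab_t s;
    slab_init(&s, true);
    void *p[SLOT_COUNT];
    for (int i = 0; i < n; i++) p[i] = slab_alloc(&s);
    for (int i = 0; i < n; i++) slab_free(&s, p[i]);
    return slots_available(&s);
}
```

The quarantine only widens the window rather than closing it: once enough frees have passed, the slot is handed out again and the stale pointer aliases live data as before. That gap between "harder" and "solved" is why a collector that keeps memory alive while references to it exist is a different class of mitigation.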
Copyright of this story solely belongs to hackernoon.com.