Design And Implementation For Vulnerability Scanning Platform Of V8 Javascript Engine Inside Chromium WEB Browser

Since the rapid development of the Internet in the 1990 s,Internet life has become an integral part of the daily life of the general public.Browsers are the most common lying medium for people to access the Internet,through which people can access a variety of resources on the Internet,including reading news,instant messaging,online shopping,making statements,and even playing games.All of this is done by the core of the browser.As people's demand for the Internet becomes more complex,more and more demands are being made for the multimedia support provided by browsers,and browsers themselves are getting closer to the bottom of the operating system.To this day,browsers themselves have become more powerful than ever before,and attacks on the Internet against vulnerabilities within browsers have become more frequent.But the complexity of the browser itself,combined with the dynamic nature of JavaScript running on it,makes it difficult to scan vulnerabilities on the browser itself.At present,the study of the browser's own vulnerability scanning technology is not extensive,and most of it stays inside the JavaScript engine,lacking the integrity of the browser embedded environment.And at present,there is no one-in-one vulnerability scanning platform for browsers at home and abroad.Considering the browsers of the major manufacturers based on chromium browsers,which are far ahead of the major players,both domestically and internationally,they have left the second place far behind,and in recent years,based on the number of disclosed CVE vulnerabilities,Chromium browsers,like their internal V8 engines,are firmly in the top spot,as are their market share.Therefore,this paper takes the most popular Chrome browser on the market as the starting point,takes its corresponding open source project Chromium as the research object,analyzes its core working mechanism in detail,points out the modules that are prone to vulnerabilities,and focuses on research.You will then introduce the basic composition of the Chrome debugging protocol,led by the Chromium project and widely used,and how it works.Then,with the Chrome debugging protocol as the fulcrum,the design and implementation details of the vulnerability scanning platform for its internal V8 engine are discussed.Finally,three typical CVE vulnerabilities are used as test cases to troubleshoot and fix specific versions of Chromium browsers,and to evaluate the effectiveness of the vulnerability scanning platform.