Pwning the Ladybird Browser
Published on: 2025-07-31 15:59:09
April 23, 2025
Intro
Ladybird is a relatively new browser engine originating from the SerenityOS project. Currently, it’s in pre-alpha and improving quickly. Take a look at the website and the GitHub for more information!
I’ll be researching the JavaScript engine of Ladybird, LibJS.
Architecture
LibJS has an interpreter tier and no compilation tiers (yet!). It includes common modern JS engine optimizations and is built with extensive verification checks across its critical code paths and data structures, including vectors, making scenarios such as integer overflows leading to out-of-bounds accesses harder to exploit.
Fuzzing
We’ll be using Fuzzilli, a popular fuzzer for JavaScript interpreters. Here’s the description from the GitHub:
A (coverage-)guided fuzzer for dynamic language interpreters based on a custom intermediate language ("FuzzIL") which can be mutated and translated to JavaScript. - Fuzzilli
Fuzzilli can be configured with additional