A Case Study of an Incorrect Bitwise AND Optimization in V8
How a subtle JIT compiler optimization error in V8 became an exploitable vulnerability — CVE-2021-30599 dissected.
NUS GreyHats Security Wednesday
Talk delivered at the NUS GreyHats Security Wednesday series (April 2022). A deep dive into CVE-2021-30599, an incorrect bitwise AND optimization in V8’s JIT compiler. The presentation covers how the miscompilation was discovered, how it can be turned into a type confusion primitive, and what the broader takeaway is for auditing JIT compilers.