ChaffyScript: vulnerability-agnostic defense of JavaScript exploits via memory perturbation

Abstract

JavaScript has been used to exploit binary vulnerabilities of host software that are otherwise difficult to exploit; they impose a severe threat to computer security. Although software vendors have deployed techniques like ASLR, sandbox, etc. to mitigate JavaScript exploits, hacking contests (e.g.,Pwn2Own, GeekPwn) have demonstrated that the latest software (e.g., Chrome, IE, Edge, Safari) can still be exploited. An ideal JavaScript exploit mitigation solution should be flexible and allow for deployment without requiring code changes. To this end, we propose ChaffyScript, a vulnerability-agnostic mitigation system that thwarts JavaScript exploits via undermining the memory preparation stage of exploits. We implement a prototype of ChaffyScript, and our evaluation shows that it defeats the 11 latest JavaScript exploits with minimal runtime and memory overhead. It incurs at most 5.88% runtime overhead for chrome and 12.96% for FireFox. The maximal memory overhead JS heap usage, observed using the Octane benchmark, was 8.2%. To demonstrate the deployment flexibility of ChaffyScript, we have integrated it into a web proxy.