This presentation gives the basic knowledge of the ANGLE project and examines how to use ANGLE in WebGL/WebGL2 of web browsers. In this talk we analyze the types of vulnerabilities and root causes that occurred in ANGLE and we analyze exploitable vulnerabilities and explain how to obtain RCE in macOS (iOS is also affected, but PAC bypass is not covered in this presentation.)
We will start with a basic introduction to WebGL / WebGL2 component and how to use ANGLE in your web browser followed by a look at the following vulnerabilities:
- CVE-2021-30626 (chromium)
- crbug.com/1266437 (chromium)
- CVE-2022-26717 (Safari)