Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I talk about how Flash and Java applets can compromise the host OS arbitrarily, and you respond with a paper about how WebAssembly cannot do that but may lead to the program itself running in unexpected, isolated, ways. FTP:

> The standard has been designed with security in mind, as evidenced among others by the strict separation of application memory from the execution environment’s memory. Thanks to this separation, a compromised WebAssembly binary cannot compromise the browser that executes the binary.



Yes, because first, you can compile heartbleed to WebAssembly.

Secondly, because WebAssembly is yet to become the next target of security researchers, those papers are the first steps.

Third, it is only a bytecode format, it cannot assure anything about the host implementation.

Naturally there are yet flaws to be discovered.




Consider applying for YC's Winter 2026 batch! Applications are open till Nov 10

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: