CompSec

Computer Security Lab at Seoul National University

Our research group works on general computer security and privacy problems. In particular, our research focus is systems security or systems hacking for commodity systems—desining and implementing secure systems for operating systems (Windows, Linux, Mac OS X) or user applications (Chrome, Firefox, Apache), or identifying or exploiting new vulnerabilities in popular computer systems.

Latest Updates

  • May 11, 2022: Suhwan Song is interning at Google in San Francisco this summer, incorporating his R2Z2 into the Chrome development infrastructure.
  • Apr 01, 2022: Suhwan Song received the bug bounty reward ($3,000): Chrome: the contents of iframe is placed outside of iframe when CSS “column-width” is defined in main frame
  • Mar 22, 2022: Yoochan Lee received the bug bounty reward ($34,000): macOS - Kernel heap overflow leads to Local Privilege Escalation
  • Mar 09, 2022: Young Min Kim received the bug bounty reward ($3,133.7): Google Translate - Extension vulnerabilty
  • Mar 02, 2022: Yoochan Lee received the bug bounty reward ($10,000): Solidly - Drain tremendous funds using invalid type casting
  • Mar 01, 2022: R2Z2 has been accepted to ICSE 2022!
  • Mar 01, 2022: MundoFuzz has been accepted to USENIX Security 2022!
  • Feb 22, 2022: Young Min Kim received the bug bounty reward ($1,000): Metamask - Extension vulnerability
  • Feb 01, 2022: Young Min Kim received the bug bounty reward ($2,000): Mozilla Firefox - Side-channel attack against autofill preview (CVE-2022-26382)
  • Jan 11, 2022: Young Min Kim received the bug bounty reward ($1,400): Naver Whale - Component extension vulnerabilities (CVE-2022-24071, CVE-2022-24072, CVE-2022-24073, CVE-2022-24074, CVE-2022-24075)
  • Dec 15, 2021: Young Min Kim received the bug bounty reward ($1,000): Microsoft Edge - Tampering vulnerability (CVE-2022-23261)
  • Dec 07, 2021: Sunwoo Kim and Young Min Kim received the bug bounty reward ($3,000): Mozilla Firefox - URL Leakage (CVE-2021-43536)
  • Nov 24, 2021: Young Min Kim received the bug bounty reward ($4,000) Google Chrome - Side-channel attack against autofill preview (CVE-2022-0109)
  • Aug 17, 2021: Byoungyoung gave a talk at Samsung Security Tech Forum 2021
  • Mar 23, 2021: DiFuzzRTL has been accepted to IEEE S&P 2021!