Lukas Bernhard explores custom intermediate representations for semantic-aware mutations that penetrate compiler optimization paths, GPU process sandboxing weaknesses, and fuzzing vendor GPU stacks without source access.
WebGPU exposes GPU computational capabilities directly to the web, enabling game engines and local large language models in browsers. This architectural shift introduces significant risk: shader compilation pipelines, traditionally protected by local-only access, now process untrusted web inputs. Shader compilers written in C and C++ handle millions of lines with minimal security hardening, creating exploitable surfaces when memory safety assumptions fail.
Targeting weakly sandboxed or unsandboxed GPU processes across Linux and Android allows attackers to leverage shader compiler vulnerabilities and compromise browser isolation. Custom intermediate representations enable semantically valid shader mutations that bypass parsing and type checks, exposing deep compiler logic to systematic fuzzing across vendor-specific GPU stacks.
In this session, Security Researcher Lukas Bernhard will discuss:
- How custom intermediate representations enable semantic-aware mutations that penetrate compiler optimization paths;
- Why GPU process sandboxing weaknesses amplify shader compiler exploitation risk;
- Fuzzing vendor GPU stacks without source access or coverage instrumentation.
Here is the course outline:
Constructing a Domain-Specific Fuzzer for WebGPU Shader Compilers
Completion
The following certificates are awarded when the course is completed:
CPE Credit Certificate
