Browser and web platform
BugHog: Automated Browser Bug Bisection On Steroids
<p>Identifying the exact commits where bugs are introduced or regressed in web browsers is often a tedious and time-consuming task. As a result, mapping the full lifecycle of a newly reported bug rarely becomes part of the standard bug-fixing process, even though doing so can reveal valuable insights and support more effective fixes. With <a href="https://github.com/DistriNet/BugHog">BugHog</a>, we developed an automated bisection tool on steriods, simplifying the hunt for buggy commits.</p>
<p>BugHog runs:
- dynamic test cases against historical browser builds
- in isolated Docker containers
- guided by an adaptive binary search algorithm
- across more than a decade of browser development history.</p>
<p>Originally developed for browser security research, BugHog has already demonstrated its value by reconstructing the lifecycle of publicly disclosed Content Security Policy bugs in Chromium and Firefox. This gave new perspectives on how security bugs evolve over time, exposed ineffective fixes, and even uncovered prematurely disclosed vulnerabilities.</p>
<p>In this talk, I will demonstrate how BugHog works, share lessons from large-scale browser analyses, and highlight how it can help both researchers and developers accelerate their bug investigations.</p>
Additional information
| Live Stream | https://live.fosdem.org/watch/h1309 |
|---|---|
| Type | devroom |
| Language | English |
More sessions
| 1/31/26 |
<p>Intro of the devroom</p>
|
| 1/31/26 |
<p>Web developers use open-source data all the time to help guide their decisions.</p> <p>In this talk, I'd like to tell you more about this data, and in particular about <a href="https://github.com/web-platform-dx/web-features">web-features</a>, an open-source project which aims at being a reference data point for the web platform.</p> <p>The project contains the list of <strong>all</strong> features of the web platform, at a level of granularity that's most useful to you, web developers. This ...
|
| 1/31/26 |
<p>When talking about CSS, we generally speak about how it’s super nice to have good looking websites, introduce a new feature and how to use it, etc.</p> <p>But today, we’d like to speak about a feature that has been into the CSS specifications since 1998, and that we don’t talk about very often: CSS for print 🖨️.</p> <p>During this talk, we’ll show how CSS can be used not to only create web pages, but also beautiful and structured paged documents. Interested in generating reports, ...
|
| 1/31/26 |
<p>How does a website display a mathematical formula? More importantly, how can we ensure that all browsers show it the same way?</p> <p><a href="https://www.w3.org/TR/mathml-core/">MathML Core</a> is a small subset of <a href="https://www.w3.org/TR/MathML3/">MathML 3</a>, specifically crafted for web browsers. It addresses inconsistencies in mathematical rendering across different browser engines. <a href="https://www.igalia.com/">Igalia</a> has been actively working on <a ...
|
| 1/31/26 |
<p><a href="https://caniwebview.com/about/">WebViews</a> are everywhere—but fragmented, inconsistent, and often invisible to web developers. Used for in-app browsers, hybrid apps, and <a href="https://www.w3.org/groups/wg/miniapps/">MiniApps</a>, WebViews form a significant part of the web platform that many developers unknowingly target. Some developers specifically build for WebViews in hybrid apps or MiniApps, while others create standard websites without realizing they'll run in WebView ...
|
| 1/31/26 |
<p>WebTransport is an upcoming protocol (standardized by the IETF) and Web API (standardized by the W3C) for bidirectional communication on the web. It provides multiplexed streams and unreliable datagrams on top of HTTP/3 and HTTP/2.</p> <p>This talk explains how WebTransport works at the protocol level, how it maps to QUIC when run on top of HTTP/3, and how its capabilities differ from WebSocket. The session will also cover the current state of browser and server support, and where the ...
|
| 1/31/26 |
<p>Web Components have become a bit of a divisive topic in the Web community in recent years. On the one hand you have platform advocates arguing Web Components are a boon to interoperability, can simplify tooling and distribution, and provide a common bed for experimentation and innovation. On the other hand, framework authors often complain that they complicate runtime code with special-cases and that Custom Elements are the wrong level of abstraction for framework components.</p> <p>Lustre <a ...
|
