The web as it appears today consists of apps, rather than hypertext.
Recent additions to HTML5 APIs and the web application landscape raises the stakes for browser security: The attacker may now easily shift their target to active browsing sessions rather than the underlying operating system.
This talk covers the browser security model as it currently stands in modern user agents. After discussing legacy as well as recently added features, it will also present some expected enhancements in the browser security landscape. Following this overview, common bypasses and shortcomings of these security mechanisms will be discussed.