WebAudio is a widely used audio processing API in popular browsers, which provides rich audio support for the exclusive browser Safari on macOS. Given its widespread use, it is critical to thoroughly test WebAudio to ensure its reliability. Traditional fuzzing techniques typically lack awareness of the input structure and fail to accommodate the unique characteristics of audio file formats, and cannot generate effective fuzzing input, thus falling short of effectively detecting vulnerabilities within WebAudio.

In this work, we introduce Proteus, an advanced greybox fuzzer designed to achieve structure awareness through the use of input templates. Moreover, Proteus is equipped with high-level mutation operators, diverging from traditional bit-level manipulations, and incorporates a post-processing stage that repairs format constraints disrupted during mutation. These enhancements enable Proteus to explore new input domains effectively while maintaining file validity, significantly improving the depth and efficiency of the fuzzing process.

Our evaluation confirms the effectiveness of Proteus. In the experiment of fuzzing WebAudio using CAF files, our tool exposed significantly more vulnerabilities than the baseline Honggfuzz without compromising efficiency. Excitingly, we have identified a vulnerability that can be exploited to gain control of the browser. Generally, Proteus has discovered 36 zero-day vulnerabilities in WebAudio on macOS 10.15.3, with 11 of these assigned CVEs.