WebAssembly binaries remain vulnerable to buffer overflow attacks due to inherited memory unsafety from source languages and the absence of effective unmanaged memory protection mechanisms. This work proposes a binary translation approach that requires neither source code modifications nor runtime changes, enabling, for the first time at the WebAssembly level, a synergistic defense combining stack canaries and address space layout randomization (ASLR). By statically rewriting binaries to embed these security mechanisms, the method demonstrates strong effectiveness across multiple benchmark programs, significantly enhancing resistance to buffer overflow exploits. The approach offers a practical pathway toward low-overhead, highly compatible memory safety protections for WebAssembly modules.

WebAssembly is quickly becoming a popular compilation target for a variety of code. However, vulnerabilities in the source languages translate to vulnerabilities in the WebAssembly binaries. This work proposes a methodology and a WebAssembly transpiler to prevent buffer overflows in the unmanaged memory of the WebAssembly runtime. The transpiler accepts a WebAssembly binary and adds stack canaries and Address Space Layout Randomization (ASLR) to protect against buffer overflows.