Web browsers are becoming almost as complex as operating systems, and just as prevalent, and yet we know so little about them. This talk will examine the parts of browsers and plug-ins that lead to Web applications being exploitable on the client-side.