Google announces V8 Sandbox to protect Chrome users
Bitdefender Blog – Vlad CONSTANTINESCU
Google has announced support for the V8 Sandbox, a security feature in the Chrome web browser designed to mitigate JavaScript memory corruption issues.
The feature will be implemented in Chrome 123, which will be considered a “beta” release for the sandbox
Key points:
1) In recent years, most exploits against the Chrome web browser have been linked to memory corruption issues in the V8 JavaScript engine, which account for roughly 60% of them.
2) V8 vulnerabilities are rarely classic memory corruption bugs but rather subtle logic issues that can be exploited to corrupt memory, making existing memory safety solutions mostly inapplicable.
3) Researchers developed a method to segregate the heap memory of V8 to prevent the spread of memory corruption to different areas of the process’s memory, aiming to mitigate such vulnerabilities.
4) The V8 Sandbox must be enabled or disabled at build time using the v8_enable_sandbox build flag and requires a 64-bit system to reserve a large amount of virtual address space (currently one terabyte).
5) The feature has been present for roughly two years on 64-bit versions of Chrome on various platforms, despite its non-feature-complete state, to ensure the absence of stability issues and collect relevant performance statistics.
6) The V8 Sandbox has been included in Google’s Vulnerability Reward Program (VRP), allowing bounty hunters to demonstrate their ability to bypass the mechanism following strict submission rules.
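The segregation principle behind points 3 and 4 can be illustrated in plain C: references inside the sandboxed heap are stored as offsets into one reserved region, and objects outside it are reached only through an index into a table the heap cannot write. This is an added illustration, not V8's own code; the 1 MiB reservation and four-entry table are constructed stand-ins for the terabyte reservation the article mentions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define SANDBOX_SIZE  (1u << 20)          /* constructed 1 MiB stand-in reservation */
#define TABLE_SIZE    4                   /* constructed external pointer table size */

static uint8_t *sandbox_base;              /* base of the reserved region */
static void *external_table[TABLE_SIZE];   /* lives outside the sandbox */
static int external_used;

/* A "sandboxed pointer": stored as an offset, never as a raw address. */
typedef uint32_t sandboxed_ptr;
/* A handle to an out-of-sandbox object: an index, never a raw address. */
typedef uint32_t external_handle;

void sandbox_init(void) {
    sandbox_base = calloc(SANDBOX_SIZE, 1);
    external_used = 0;
}

/* Decode an offset. The mask guarantees the result lies inside the reservation
 * whatever value a corrupted offset holds, so corruption stays within the heap. */
void *sandbox_deref(sandboxed_ptr off) {
    return sandbox_base + (off & (SANDBOX_SIZE - 1));
}

/* Returns 1 if a corrupted offset could resolve to memory outside the reservation. */
int offset_escapes(uint32_t corrupted_offset) {
    uint8_t *p = sandbox_deref(corrupted_offset);
    return !(p >= sandbox_base && p < sandbox_base + SANDBOX_SIZE);
}

/* Register an out-of-sandbox object; the heap only ever sees the index. */
external_handle external_register(void *obj) {
    if (external_used >= TABLE_SIZE) return UINT32_MAX;
    external_table[external_used] = obj;
    return (external_handle)external_used++;
}

/* Resolve a handle with a bounds check: a corrupted index yields NULL rather
 * than a forged pointer, so it cannot become an arbitrary read or write. */
void *external_resolve(external_handle h) {
    if (h >= (external_handle)external_used) return NULL;
    return external_table[h];
}
```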
Link: https://www.bitdefender.com/blog/hotforsecurity/google-announces-v8-sandbox-support-to-boost-chrome-user-security/