TLDR:
Google Chrome has added a V8 Sandbox to address memory corruption issues and prevent vulnerabilities in the V8 engine from spreading within the host process. The sandbox limits the impact of V8 vulnerabilities by isolating V8’s heap memory. This new defense mechanism adds about 1% overhead on typical workloads and will be enabled by default starting with Chrome version 123.
Article Summary:
Google Chrome has introduced a V8 Sandbox in the browser to combat memory corruption issues in the V8 engine. The sandbox, a lightweight in-process sandbox for the JavaScript and WebAssembly engine, aims to restrict the code executed by V8 to a subset of the process's virtual address space, thereby mitigating common V8 vulnerabilities.
Memory safety challenges affecting V8 have led to the discovery of numerous zero-day vulnerabilities, with 16 security flaws identified between 2021 and 2023. The V8 Sandbox aims to isolate V8’s heap memory to prevent any memory corruption from escaping the security confines to other parts of the process.
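The confinement idea described in the two paragraphs above, modelled as an added example in C (this is not V8's code; the region size, the offset-based reference type and the function names are assumptions made for the demo): heap references are stored as offsets into one reserved region rather than as raw pointers, so a reference that a bug corrupts still resolves inside the region instead of escaping to the rest of the process.

```c
/* Illustrative model of an in-process heap sandbox (added example, not V8 code):
 * heap references are offsets into one reserved region rather than raw
 * pointers, so a reference corrupted by a bug still resolves inside the region.
 * Region size, names and layout are assumptions for the demo. */
#include <stdbool.h>
#include <stdint.h>
#include <stdlib.h>

#define SANDBOX_SIZE (1ull << 20)             /* hypothetical 1 MiB region */
#define OFFSET_MASK  (SANDBOX_SIZE - 1)

typedef uint64_t sref_t;                      /* sandboxed reference: offset, not address */
typedef struct { uint8_t *base; uint64_t next; } sandbox_t;

int sandbox_init(sandbox_t *sb) {
    sb->base = calloc(1, SANDBOX_SIZE);       /* a real engine would mmap a huge reservation */
    sb->next = 16;                            /* offset 0 is reserved as "null" */
    return sb->base ? 0 : -1;
}

/* Bump allocator; returns an offset, or 0 when the region is exhausted. */
sref_t sandbox_alloc(sandbox_t *sb, uint64_t size) {
    if (size > SANDBOX_SIZE - sb->next) return 0;
    sref_t ref = sb->next;
    sb->next += (size + 15) & ~15ull;         /* keep 16-byte alignment */
    return ref;
}

/* Masking confines any bit pattern to [base, base + SANDBOX_SIZE). */
uint8_t *sandbox_resolve(const sandbox_t *sb, sref_t ref) {
    return sb->base + (ref & OFFSET_MASK);
}

bool sandbox_contains(const sandbox_t *sb, uintptr_t addr) {
    uintptr_t lo = (uintptr_t)sb->base;
    return addr >= lo && addr < lo + SANDBOX_SIZE;
}

/* Constructed corruption: a bug flips a high bit of a stored reference.
 * Returns true when the raw address escapes but the sandboxed one stays inside. */
bool sandbox_confines_corrupted_ref(void) {
    sandbox_t sb;
    if (sandbox_init(&sb) != 0) return false;
    uint64_t corrupted = sandbox_alloc(&sb, 64) | (1ull << 40);
    uintptr_t raw = (uintptr_t)sb.base + corrupted;        /* unconfined, as a raw pointer */
    uintptr_t confined = (uintptr_t)sandbox_resolve(&sb, corrupted);
    bool ok = !sandbox_contains(&sb, raw) && sandbox_contains(&sb, confined);
    free(sb.base);
    return ok;
}
```

The model shows only the address-space confinement; a real engine also has to keep every pointer that leaves the region (code, external objects) out of attacker-writable memory, which is where the bulk of the engineering effort lies.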
The sandbox adds an overhead of about 1% on typical workloads and can be enabled by setting “v8_enable_sandbox” to true in the gn args. The V8 Sandbox is a necessary step towards memory safety because the issues it addresses are subtle logic bugs that can be exploited to corrupt memory, unlike classic memory safety bugs.
This development comes as Google highlights the importance of Kernel Address Sanitizer (KASan) in detecting memory bugs in native code and enhancing Android firmware security. The V8 Sandbox is designed to protect against memory corruption and improve the overall security of the Chrome browser.