April 8, 2024 at 10:27AM
Google has announced support for a V8 Sandbox in the Chrome web browser to address memory corruption issues in the V8 JavaScript and WebAssembly engine. The sandbox aims to limit the impact of V8 vulnerabilities and will be enabled by default in Chrome version 123, at a performance overhead of about 1%. The move is part of Google's broader push toward memory safety in Chrome.
Key takeaways from the meeting notes on Newsroom Software Security / Cybersecurity:
– Google announced the introduction of a V8 Sandbox in the Chrome web browser to address memory corruption issues, aiming to prevent the spread of memory corruption within the host process and mitigate common V8 vulnerabilities.
– V8 Sandbox is a lightweight, in-process sandbox for the JavaScript and WebAssembly engine, designed to limit the impact of V8 vulnerabilities by isolating the code executed by V8 from the rest of the process.
– The sandbox assumes that an attacker can modify any memory inside the sandbox address space and aims to protect the rest of the process from such an attacker.
– Samuel Groß highlighted the challenges of tackling V8 vulnerabilities and the need for the V8 Sandbox to isolate V8's heap memory, preventing memory corruption from escaping the sandbox into other parts of the process's memory.
– Benchmark results show that the V8 Sandbox adds an overhead of about 1% on typical workloads and will be enabled by default starting with Chrome version 123 across various platforms.
– The V8 Sandbox requires a 64-bit system and reserves a large amount of virtual address space, and it is considered a necessary step towards memory safety.
– Google also highlighted the role of Kernel Address Sanitizer (KASan) in detecting memory bugs in native code and its use for discovering bugs in Android firmware security.
Let me know if you need further details on any specific aspect.