Google Chrome Introduces V8 Sandbox to Bolster Security
Google has unveiled support for the V8 Sandbox in its Chrome web browser, aiming to combat memory corruption issues. According to Samuel Groß, the V8 Security technical lead, the sandbox prevents the spread of memory corruption within the host process.
Described as a lightweight, in-process sandbox for the JavaScript and WebAssembly engine, the V8 Sandbox mitigates common memory corruption vulnerabilities. It restricts V8 code execution to a subset of the process's virtual address space, isolating it from the rest of the process to limit the impact of a vulnerability. Such V8 bugs have accounted for a significant share of the zero-day vulnerabilities Google has patched, with up to 16 security flaws discovered between 2021 and 2023.
The sandbox assumes that an attacker can arbitrarily modify memory inside the sandbox address space and aims to protect the rest of the process from such corruption. Groß highlights why rewriting V8 in a memory-safe language like Rust would not address these vulnerabilities: many of them are exploitable "subtle logic issues" rather than plain memory-safety bugs. The V8 Sandbox isolates V8's heap memory so that memory corruption cannot escape to other parts of the process's memory, and it replaces the data types that reference out-of-sandbox memory with sandbox-compatible alternatives, so an attacker who corrupts an in-sandbox value cannot turn it into access to other memory.
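To make that mechanism concrete, here is an added C++ model of the pointer-encoding idea behind the sandbox; it is not V8 code, and the region size, type names and table layout are assumptions chosen for illustration. In-sandbox references are stored as offsets that are masked on decode, and out-of-sandbox objects are reached only through a table index, so a corrupted field cannot be turned into an arbitrary address.

```cpp
#include <cstdint>
#include <cstdlib>
#include <vector>
// Sizes are assumptions for this model; the real V8 sandbox reserves a far larger region.
constexpr uint64_t kSandboxSize = 1ull << 20;       // 1 MiB, power of two
constexpr uint64_t kOffsetMask = kSandboxSize - 1;   // keeps any offset inside the region

struct Sandbox {
    uint8_t* base;                      // start of the reserved in-sandbox region
    std::vector<void*> external_table;  // lives outside the sandbox, indexed by handle
    Sandbox() : base(static_cast<uint8_t*>(std::calloc(kSandboxSize, 1))) {}
    ~Sandbox() { std::free(base); }
};

// Sandbox-compatible heap reference: an offset, never a raw address. Decoding masks
// it, so whatever an attacker writes here still resolves inside [base, base + size).
struct SandboxedPointer {
    uint64_t raw;
    uint8_t* decode(const Sandbox& sb) const { return sb.base + (raw & kOffsetMask); }
};

// Reference to an object outside the sandbox: an index into a table the sandboxed
// code cannot write. A corrupted index selects another entry or fails, nothing more.
struct ExternalPointerHandle {
    uint32_t index;
    void* resolve(const Sandbox& sb) const {
        return index < sb.external_table.size() ? sb.external_table[index] : nullptr;
    }
};

bool inside_sandbox(const Sandbox& sb, const uint8_t* p) {
    return p >= sb.base && p < sb.base + kSandboxSize;
}

// Simulated corruption: overwrite a sandboxed pointer with arbitrary bits and
// check that the decoded address is still confined to the sandbox.
bool corrupted_pointer_stays_confined(uint64_t attacker_value) {
    Sandbox sb;
    SandboxedPointer p{attacker_value};
    return inside_sandbox(sb, p.decode(sb));
}

// Simulated handle corruption: the only reachable out-of-sandbox object is one
// the table already exposes; out-of-range indices resolve to nullptr.
bool corrupted_handle_is_bounded(uint32_t attacker_index) {
    Sandbox sb;
    int outside_object = 42;  // constructed object living outside the sandbox
    sb.external_table.push_back(&outside_object);
    void* target = ExternalPointerHandle{attacker_index}.resolve(sb);
    return target == nullptr || target == &outside_object;
}
```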
Benchmark results indicate roughly 1% overhead on typical workloads, which allowed the sandbox to be enabled by default in Chrome version 123 across multiple platforms. The V8 Sandbox requires a 64-bit system because it needs a large virtual address space. It is seen as a necessary step toward memory safety in JavaScript engines, since current memory-safety technologies are largely inapplicable to optimizing JavaScript engines.
Additionally, Google highlights the role of Kernel Address Sanitizer (KASan) in detecting memory bugs in native code and hardening Android firmware. KASan has been instrumental in discovering over 40 bugs, underscoring its value in catching memory corruption vulnerabilities before they reach user devices.
Source: https://thehackernews.com/2024/04/google-chrome-adds-v8-sandbox-new.html