Google Fortifies Chrome with New V8 Sandbox, Invites Experts to Test Security
Charles M. Walls | April 8, 2024 | Views: 123
Google has launched a new initiative to bolster Chrome against memory safety vulnerabilities by introducing a V8 sandbox. This move includes opening up the sandbox to security experts for vulnerability detection.
In the last three years, Chrome has encountered multiple security issues related to memory safety, with many traced back to the V8 JavaScript engine. These issues involve complex logic problems in V8 that are not addressed by standard memory safety measures or by adopting memory-safe programming languages like Rust.
Google explains that most vulnerabilities in V8 share a common trait: they ultimately cause memory corruption within the V8 heap, as the engine's compiler and runtime primarily manipulate instances of V8 HeapObject.
The newly developed V8 sandbox aims to isolate the engine's heap memory to prevent any corruption from spreading to other parts of the system. Google chose to implement this protective measure using software alone, as no hardware solutions are currently available to support it.
The software-based sandbox functions by replacing standard data types that could interact with external memory with alternatives that are confined to the sandbox. Google highlights that with this setup, even if an attacker compromises the sandbox, they wouldn't be able to access the broader process memory, requiring them to bypass the sandbox itself.
Google first proposed this sandbox feature in 2021 and has now implemented it in Chrome 123 for testing. The company has also included the sandbox in Chrome's Vulnerability Reward Program (VRP), encouraging white hat hackers and security developers to explore and identify potential flaws.
Although the sandbox has only exposed minor memory corruption bugs so far, these are considerably less severe than those typically found in V8. Google remains optimistic that the sandbox will prove to be a more robust security layer over time. The company also notes that enabling the sandbox adds minimal overhead, under 1%, to typical processing tasks, making it feasible to activate by default on supported platforms.
For the last two weeks, the V8 sandbox has been active by default in 64-bit Chrome versions across Android, ChromeOS, Linux, macOS, and Windows. This has primarily been a test to assess stability and gather performance data.
