Google Adds V8 Sandbox in Chrome To Stop Memory Corruption Attacks


In a significant move to bolster the security of its widely-used V8 JavaScript engine, Google has unveiled the V8 Sandbox, a cutting-edge mechanism to prevent memory corruption attacks.

The V8 Sandbox represents a proactive approach to cybersecurity, operating under the assumption that attackers may gain arbitrary read and write access within the sandbox environment.

The primary objective of this new feature is to thwart any attempts at memory corruption that could affect areas outside of the sandbox.

“The goal of an RCE exploit would typically be to perform a privilege escalation attack, for example, by executing shellcode or performing a return-oriented programming (ROP)-style attack.

For either of these, the exploit will first want the ability to read and write arbitrary memory in the process, for example, to corrupt a function pointer or to place a ROP payload somewhere in memory and pivot to it,” the V8 team said.

Emulating Attackers for Enhanced Security

To simulate potential threats, Google has equipped the V8 engine with a “memory corruption API,” which is available only when the engine is built with the v8_enable_memory_corruption_api = true flag.

This API is designed to mimic the primitive an attacker would typically obtain from a common V8 vulnerability: full read and write access within the sandbox’s confines.

Google has also implemented a “sandbox testing” mode, which can be enabled through the --sandbox-testing or --sandbox-fuzzing flags. This mode installs a signal handler that determines whether a crash signal, such as SIGSEGV, represents a sandbox violation (a memory access outside the sandbox) rather than an ordinary crash inside it.
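As an added illustration (not V8’s own code), the kind of classifying SIGSEGV handler that sandbox-testing mode relies on can be built in C like this: a fault whose address lies inside the reserved sandbox range is an expected in-sandbox crash, while a fault anywhere else is reported as a sandbox violation. The region struct, the handler’s exit codes and the constructed demo in main are assumptions made for this example.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdint.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

/* Assumed layout: the sandbox is one fixed virtual-address range holding the
 * attacker-reachable heap; everything outside it is the memory to protect. */
typedef struct { uintptr_t base; size_t size; } sandbox_region_t;
typedef enum {
    FAULT_INSIDE_SANDBOX  = 0, /* expected under the threat model: no escape */
    FAULT_OUTSIDE_SANDBOX = 1  /* corruption reached protected memory: violation */
} fault_class_t;
static sandbox_region_t g_sandbox; /* region the signal handler checks against */

/* Pure check used by the handler; testable without having to crash. */
fault_class_t classify_fault(const sandbox_region_t *sb, uintptr_t addr)
{
    return (addr >= sb->base && addr - sb->base < sb->size)
        ? FAULT_INSIDE_SANDBOX : FAULT_OUTSIDE_SANDBOX;
}

/* SIGSEGV handler: async-signal-safe calls only, then an exit code a fuzzer
 * or test runner can key on (0 = crash inside sandbox, 1 = violation). */
static void segv_handler(int sig, siginfo_t *info, void *ctx)
{
    static const char msg[2][48] = { "fault inside sandbox: not a violation\n",
                                     "SANDBOX VIOLATION: fault outside sandbox\n" };
    fault_class_t c = classify_fault(&g_sandbox, (uintptr_t)info->si_addr);
    (void)sig; (void)ctx;
    (void)write(STDERR_FILENO, msg[c], strlen(msg[c]));
    _exit((int)c);
}

int main(void)
{
    /* Constructed demo: reserve an inaccessible 1 MiB region, then fault inside it. */
    size_t sz = 1u << 20;
    void *p = mmap(NULL, sz, PROT_NONE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return 2;
    g_sandbox = (sandbox_region_t){ (uintptr_t)p, sz };
    struct sigaction sa;
    memset(&sa, 0, sizeof sa);
    sa.sa_sigaction = segv_handler;
    sa.sa_flags = SA_SIGINFO;
    sigaction(SIGSEGV, &sa, NULL);
    return *(volatile char *)((char *)p + 100); /* handler exits 0 here */
}
```

In a fuzzing harness the exit code is what matters: only faults classified as outside the region are worth triaging as potential sandbox escapes.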

Integration into Chrome’s Vulnerability Reward Program (VRP)

Integrating the V8 Sandbox into Chrome’s VRP allows for extensive fuzzing by specialized tools, ensuring that any potential security flaws are identified and addressed promptly. This integration is a testament to Google’s commitment to maintaining robust security standards.

The V8 Sandbox is enabled or disabled at build time via the v8_enable_sandbox build flag. Although the sandbox is not yet feature-complete, Google has rolled it out to gather real-world performance data and to confirm that it does not compromise stability.

Recent exploits targeting V8 have already had to contend with the sandbox, providing Google with valuable insights into its effectiveness.

The introduction of the V8 Sandbox marks a significant advancement in the security landscape of web browsers.

By preventing memory corruption within V8, Google aims to establish the sandbox as a more defensible security boundary than the engine itself. With ongoing enhancements and rigorous testing, the V8 Sandbox is poised to become a cornerstone of secure web browsing.