Google Chrome Adds V8 Sandbox


Apr 08, 2024 | Newsroom | Software Security / Cybersecurity

Google has introduced support for what's called a V8 Sandbox in the Chrome web browser in an attempt to address memory corruption issues.

The sandbox, according to V8 Security technical lead Samuel Groß, aims to prevent “memory corruption in V8 from spreading within the host process.”

The search giant has described V8 Sandbox as a lightweight, in-process sandbox for the JavaScript and WebAssembly engine that's designed to mitigate common V8 vulnerabilities.

The idea is to limit the impact of V8 vulnerabilities by restricting the code executed by V8 to a subset of the process' virtual address space (“the sandbox”) and isolating it from the rest of the process.


Shortcomings affecting V8 have accounted for a significant chunk of the zero-day vulnerabilities that Google addressed between 2021 and 2023, with as many as 16 security flaws discovered over that time period.

“The sandbox assumes that an attacker can arbitrarily and concurrently modify any memory inside the sandbox address space as this primitive can be constructed from typical V8 vulnerabilities,” the Chromium staff said.

“Further, it is assumed that an attacker will be able to read memory outside of the sandbox, for example, through hardware side channels. The sandbox then aims to protect the rest of the process from such an attacker. As such, any corruption of memory outside of the sandbox address space is considered a sandbox violation.”

Groß emphasized the challenges of tackling V8 vulnerabilities by switching to a memory-safe language like Rust or by using hardware memory safety approaches such as memory tagging, given that the bugs in question are “subtle logic issues” that can be exploited to corrupt memory, unlike classic memory safety bugs like use-after-frees, out-of-bounds accesses, and others.

“Nearly all vulnerabilities found and exploited in V8 today have one thing in common: the eventual memory corruption necessarily happens inside the V8 heap because the compiler and runtime (almost) exclusively operate on V8 HeapObject instances,” Groß mentioned.

Since these issues can't be protected against by the same techniques used for typical memory-corruption vulnerabilities, the V8 Sandbox is designed to isolate V8's heap memory such that, should any memory corruption occur, it can't escape the security boundary into other parts of the process' memory.

This is accomplished by replacing all data types that can access out-of-sandbox memory with “sandbox-compatible” alternatives, thereby effectively preventing an attacker from reaching other memory. The sandbox can be enabled by setting “v8_enable_sandbox” to true in the gn args.
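The following is an added illustration, not V8's own code, of the two ideas above: the threat model that treats every value inside the sandbox as attacker-controlled, and the replacement of raw pointers with “sandbox-compatible” references. A raw pointer stored inside the sandbox can be overwritten with any address; an offset-based reference is masked into a fixed region at dereference time, so a corrupted value still resolves inside the sandbox, and a copy that would run past the region is refused instead of reaching outside memory. The region size, the type names and the helper functions are assumptions chosen for the example (V8 reserves one terabyte of virtual address space; this toy reserves 64 KiB so it runs anywhere).

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// Hypothetical sandbox region (assumption: a small, power-of-two reservation
// standing in for V8's one-terabyte virtual address space reservation).
constexpr size_t kSandboxSize = 1u << 16;            // must be a power of two
constexpr uint32_t kOffsetMask = kSandboxSize - 1;   // masks any offset into range

struct Sandbox {
  std::vector<uint8_t> region;                       // stands in for the reservation
  Sandbox() : region(kSandboxSize, 0) {}
  uint8_t* base() { return region.data(); }
};

// Is p inside [base, base + kSandboxSize)? Compared as integers so that
// unrelated pointers can be checked without undefined behaviour.
bool within_sandbox(Sandbox& sb, const uint8_t* p) {
  uintptr_t lo = reinterpret_cast<uintptr_t>(sb.base());
  uintptr_t x = reinterpret_cast<uintptr_t>(p);
  return x >= lo && x < lo + kSandboxSize;
}

// Raw pointer field: an attacker who can write sandbox memory can overwrite
// it with any address, and the next dereference leaves the sandbox.
struct RawRef { uint8_t* ptr; };

// Sandbox-compatible reference: an offset relative to the sandbox base.
// Whatever 32-bit value ends up here, resolve() yields an in-sandbox address.
struct SandboxedRef {
  uint32_t offset;
  uint8_t* resolve(Sandbox& sb) const { return sb.base() + (offset & kOffsetMask); }
};

// Bounded copy through a sandboxed reference. A length that would run past
// the region is refused rather than silently wrapped, so an attempt to reach
// out-of-sandbox memory surfaces as a detectable failure (a "sandbox violation").
bool sandboxed_copy(Sandbox& sb, SandboxedRef src, uint32_t len, std::vector<uint8_t>& out) {
  uint32_t start = src.offset & kOffsetMask;
  if (len > kSandboxSize || start > kSandboxSize - len) return false;  // would exceed region
  out.assign(sb.base() + start, sb.base() + start + len);
  return true;
}

// Threat-model simulation: the attacker overwrote a reference stored in the
// sandbox with attacker_value. Does the resolved address stay inside?
bool corrupted_ref_stays_inside(uint32_t attacker_value) {
  Sandbox sb;
  SandboxedRef ref{attacker_value};
  return within_sandbox(sb, ref.resolve(sb));
}

// The same corruption applied to a raw pointer field: the address escapes.
bool corrupted_raw_pointer_escapes(uintptr_t attacker_value) {
  Sandbox sb;
  RawRef ref{reinterpret_cast<uint8_t*>(attacker_value)};
  return !within_sandbox(sb, ref.ptr);
}

int main() {
  static uint8_t outside[16];  // memory that belongs to "the rest of the process"
  bool masked = corrupted_ref_stays_inside(0xFFFFFFFFu);
  bool escaped = corrupted_raw_pointer_escapes(reinterpret_cast<uintptr_t>(outside));
  return (masked && escaped) ? 0 : 1;
}
```

The masking in resolve() is what makes the reference "sandbox-compatible": it never stores an absolute address, so no in-sandbox write can turn it into one. The length check in sandboxed_copy() is the complementary half, since an offset alone is safe but offset plus length must also stay within the region.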

Benchmark results from Speedometer and JetStream show that the security feature adds an overhead of about 1% on typical workloads, allowing it to be enabled by default starting with Chrome version 123, spanning Android, ChromeOS, Linux, macOS, and Windows.

“The V8 Sandbox requires a 64-bit system as it needs to reserve a large amount of virtual address space, currently one terabyte,” Groß mentioned.


“The sandbox is motivated by the fact that current memory safety technologies are largely inapplicable to optimizing JavaScript engines. While these technologies fail to prevent memory corruption in V8 itself, they can in fact protect the V8 Sandbox attack surface. The sandbox is therefore a necessary step towards memory safety.”

The development comes as Google highlighted the role played by Kernel Address Sanitizer (KASan) in detecting memory bugs in native code and helping to harden Android firmware security, adding that it used the compiler-based tool to find more than 40 bugs.

“Using KASan enabled builds during testing and/or fuzzing can help catch memory corruption vulnerabilities and stability issues before they land on user devices,” Eugene Rodionov and Ivan Lozano from the Android staff said.