As time goes by, we use increasingly sensitive and private data in our web browsers, Chrome included. Its developer, Google, therefore keeps adding new functions and features in this area, as is the case now.
This is relevant because the search giant has just announced a new security mechanism built into Chrome: what the company calls the V8 Sandbox, which we detail below. Its main objective is to contain memory-corruption vulnerabilities in the computer's memory while the browser is running.
The aim of this sandbox is to prevent memory corruption in V8 from spreading within the host process. Keep in mind that this tool is integrated into the process itself and applies to the JavaScript and WebAssembly engine, all in order to mitigate the most common V8 vulnerabilities. Put simply, the idea is to limit the impact of V8 vulnerabilities.
To do so, it confines the memory that V8 code can access to a dedicated virtual address space set apart from the rest of the process, hence the name sandbox, isolating it as a security measure. Those responsible for Google's browser security are well aware that this component accounted for a significant share of the zero-day vulnerabilities between 2021 and 2023: up to 16 security flaws were detected in that period.
This sandbox assumes that an attacker can modify the computer's memory while Chrome is in use, based on typical V8 vulnerabilities. It also assumes that the attacker will be able to read memory outside the sandbox, for example through hardware side channels.
This is how Chrome will protect your browsing from now on
Hence the objective of this tool is to protect the rest of the process from that specific kind of attack. Its developers have also decided to move its design toward a memory-safe programming language such as Rust. Almost all the vulnerabilities detected and exploited in V8 today have memory use in common.
Since these problems cannot be mitigated with the same techniques used against common vulnerabilities, this is precisely where the V8 Sandbox comes into play. It is designed to isolate V8's memory so that, if a vulnerability is exploited there, it cannot escape to other parts of the running process.
This is achieved by replacing all data types that can access memory with sandbox-compatible alternatives, which effectively prevents an attacker from reaching the rest of Chrome's memory. It is also worth knowing that this barely affects the browser's performance.
Tests have shown that the new security feature adds an overhead of approximately 1%, which is not noticeable. The feature is enabled by default from Chrome version 123 on all supported systems.
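To illustrate the principle described in the two paragraphs above, here is an added example written for this article; it is not V8's or Chrome's code, and the sandbox size, the type names and the function names are all assumptions made for the demonstration. It contrasts a raw pointer field, which after corruption can resolve anywhere in the process, with an offset-based reference that is masked to the sandbox region before use, so that any corrupted value still resolves inside the region.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Illustrative model (assumption, not V8's code): the "sandbox" is one contiguous
 * region of the process's virtual address space. Its size is a power of two so
 * that any in-sandbox reference can be forced back inside the region by masking. */
#define SANDBOX_SIZE (1u << 20)          /* 1 MiB for the demo; a real sandbox is far larger */
#define SANDBOX_MASK (SANDBOX_SIZE - 1)

typedef struct {
    uint8_t *base;                       /* start of the reserved region */
} Sandbox;

/* A sandbox-compatible reference: an offset from the sandbox base, never a raw pointer. */
typedef uint32_t SandboxedRef;

/* Raw-pointer style: whatever value memory corruption leaves in the field is used as-is. */
static uint8_t *resolve_raw(uintptr_t field_value) {
    return (uint8_t *)field_value;
}

/* Sandbox-compatible style: the stored offset is masked to the region size before
 * it is added to the base, so a corrupted offset still resolves inside the region. */
static uint8_t *resolve_sandboxed(const Sandbox *sb, SandboxedRef ref) {
    return sb->base + (ref & SANDBOX_MASK);
}

/* True if p lies within [base, base + SANDBOX_SIZE). Compared as integers to avoid
 * relational comparison between pointers into different objects. */
static int in_sandbox(const Sandbox *sb, const uint8_t *p) {
    uintptr_t lo = (uintptr_t)sb->base, hi = lo + SANDBOX_SIZE, q = (uintptr_t)p;
    return q >= lo && q < hi;
}

/* Reserves and zeroes the sandbox region. base is NULL on allocation failure. */
static Sandbox make_sandbox(void) {
    Sandbox sb;
    sb.base = malloc(SANDBOX_SIZE);
    if (sb.base) memset(sb.base, 0, SANDBOX_SIZE);
    return sb;
}

/* Returns 1 if a raw pointer field, corrupted to hold an out-of-sandbox address,
 * resolves outside the region: the situation the sandbox is designed to prevent.
 * The static array stands in for "the rest of the process". Returns -1 on OOM. */
int raw_pointer_escapes(void) {
    static uint8_t outside_memory[64];   /* constructed stand-in for out-of-sandbox memory */
    Sandbox sb = make_sandbox();
    if (!sb.base) return -1;
    uintptr_t corrupted_field = (uintptr_t)outside_memory;
    int escaped = !in_sandbox(&sb, resolve_raw(corrupted_field));
    free(sb.base);
    return escaped;
}

/* Returns 1 if every constructed "corrupted" offset, after masking, still resolves
 * inside the region, i.e. the reference type cannot reach memory outside it. */
int sandboxed_ref_contained(void) {
    const SandboxedRef corrupted[] = { 0xFFFFFFFFu, SANDBOX_SIZE, SANDBOX_SIZE + 4096u, 0x7FFFFFFFu };
    Sandbox sb = make_sandbox();
    if (!sb.base) return -1;
    int contained = 1;
    for (size_t i = 0; i < sizeof corrupted / sizeof corrupted[0]; i++) {
        if (!in_sandbox(&sb, resolve_sandboxed(&sb, corrupted[i]))) contained = 0;
    }
    free(sb.base);
    return contained;
}

int main(void) {
    printf("corrupted raw pointer escapes sandbox: %d\n", raw_pointer_escapes());
    printf("corrupted sandboxed refs stay inside:  %d\n", sandboxed_ref_contained());
    return 0;
}
```

The masking step is what makes the reference "sandbox-compatible": an attacker who can write arbitrary values into the sandbox can still change which in-sandbox object a reference points at, but cannot make it point at the rest of the process, which is exactly the containment the article describes. Reading out-of-sandbox memory through side channels, which the design also assumes, is not prevented by this mechanism and has to be addressed separately.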