Given that it’s the most widely used web browser on the market, Google Chrome has had a target on its back for some time. Because of that, Google is always tinkering with security to stay ahead of hackers, ne’er-do-wells, vulnerabilities, and a host of other issues.
With its latest announcement, Google has introduced the V8 Sandbox, which is a lightweight, in-process sandbox for V8 (the Google JavaScript engine) that is designed to prevent common vulnerabilities within the engine.
According to the V8 Sandbox Readme, “The sandbox limits the impact of typical V8 vulnerabilities by restricting the code executed by V8 to a subset of the process’s virtual address space (‘the sandbox’), thereby isolating it from the rest of the process.
This works purely in software (with options for hardware support, see the respective design document linked below) by effectively converting raw pointers either into offsets from the base of the sandbox or into indices into out-of-sandbox pointer tables. In principle, these mechanisms are very similar to the userland/kernel separation used by modern operating systems (e.g. the unix file descriptor table).”
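To make the two mechanisms in that quote concrete, here is a toy model added for illustration; it is not V8’s code and its names (`Sandbox`, `DecodeSandboxed`, `ResolveExternal`) and the 1 MiB region size are assumptions chosen for the example. A sandboxed pointer is stored as an offset that is masked into the region, so a corrupted value can still only name in-sandbox memory; an external pointer is an index into a table that lives outside the sandbox, so a corrupted index or a wrong type tag resolves to nothing rather than to a wild address.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdlib>

// Toy sizes (assumption): V8 reserves a far larger virtual range and richer tables.
static const size_t kSandboxSize = 1u << 20;      // 1 MiB in-sandbox region
static const uint32_t kExternalTableSize = 16;

struct Sandbox {
  uint8_t* base;                              // in-sandbox heap (attacker-writable)
  void* external_table[kExternalTableSize];   // lives OUTSIDE the sandbox
  uint8_t external_tag[kExternalTableSize];   // type tag per entry, 0 = free slot
};

typedef uint32_t SandboxedPtr;      // an offset from base, never a raw address
typedef uint32_t ExternalPtrHandle; // an index into the out-of-sandbox table

Sandbox* CreateSandbox() {
  Sandbox* sb = new Sandbox();      // value-initialized: tables start zeroed
  sb->base = static_cast<uint8_t*>(calloc(kSandboxSize, 1));
  return sb;
}

void DestroySandbox(Sandbox* sb) { free(sb->base); delete sb; }

// Masking the offset keeps the decoded address inside the region even if the
// stored offset was overwritten by an in-sandbox memory corruption.
void* DecodeSandboxed(const Sandbox* sb, SandboxedPtr off) {
  return sb->base + (off & (kSandboxSize - 1));
}

bool InsideSandbox(const Sandbox* sb, const void* p) {
  const uint8_t* q = static_cast<const uint8_t*>(p);
  return q >= sb->base && q < sb->base + kSandboxSize;
}

// Store a pointer the sandboxed code must never read or forge; hand back an index.
ExternalPtrHandle RegisterExternal(Sandbox* sb, void* p, uint8_t tag) {
  for (uint32_t i = 0; i < kExternalTableSize; ++i) {
    if (sb->external_tag[i] == 0) {
      sb->external_table[i] = p;
      sb->external_tag[i] = tag;
      return i;
    }
  }
  return kExternalTableSize;        // table full; caller treats this as failure
}

// A corrupted index or a type-confused tag yields nullptr, not an arbitrary pointer.
void* ResolveExternal(const Sandbox* sb, ExternalPtrHandle h, uint8_t tag) {
  if (h >= kExternalTableSize || sb->external_tag[h] != tag) return nullptr;
  return sb->external_table[h];
}
```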
The initial design document for the V8 Sandbox was introduced nearly three years ago and has since progressed to the point where it’s no longer considered experimental. That initial design document stated the following as its motivation: “V8 bugs typically allow for the construction of unusually powerful and reliable exploits. Furthermore, these bugs are unlikely to be mitigated by memory safe languages or upcoming hardware-assisted security features such as MTE or CFI. As a result, V8 is especially attractive for real-world attackers.”
The primary reason Google has developed this new Chrome security feature is that V8 has been at the center of quite a lot of Chrome’s zero-day vulnerabilities. To that end, the Chromium team stated (in the V8 Sandbox Readme), “The sandbox assumes that an attacker can arbitrarily and concurrently modify any memory inside the sandbox address space as this primitive can be constructed from typical V8 vulnerabilities.”
If you’re concerned that this new sandbox feature will slow down the browser (which sandboxing can do), the team’s benchmarks seem to indicate only about a 1% overhead on typical workloads.
The V8 sandbox is still under development, but it should be enabled by default starting with Chrome version 123 on Android, ChromeOS, Linux, macOS, and Windows. That means it should be rolling out very soon.