Bugs in Chrome's JavaScript engine can lead to powerful exploits

silversurfer

Aug 17, 2014
A new project hopes to beef up the security of V8, a part of the Chrome browser that most users aren't aware of but that hackers increasingly see as a juicy target.

Samuel Groß, a member of the Google Project Zero security researchers team, has detailed a V8 sandbox proposal to help protect its memory from nastier bugs in the engine using virtual machine and sandboxing technologies.

"V8 bugs typically allow for the construction of unusually powerful exploits. Furthermore, these bugs are unlikely to be mitigated by memory safe languages or upcoming hardware-assisted security features such as MTE or CFI," explains Groß, referring to security technologies like Microsoft's Control-flow Integrity (CFI) and Intel's Control-flow Enforcement Technology (CET). "As a result, V8 is especially attractive for real-world attackers."

Samuel Groß explains the problem with V8 that stems from JIT compilers, which can be tricked into emitting machine code that corrupts memory at runtime.

"Many V8 vulnerabilities exploited by real-world attackers are effectively 2nd order vulnerabilities: the root-cause is often a logic issue in one of the JIT compilers, which can then be exploited to generate vulnerable machine code (e.g. code that is missing a runtime safety check). The generated code can then in turn be exploited to cause memory corruption at runtime."

He also highlights the shortcomings of the latest security technologies, including hardware-based mitigations, that will make V8 an attractive target for years to come, which is why V8 may need a sandbox approach. These include:
  • The attacker has a great amount of control over the memory corruption primitive and can often turn these bugs into highly reliable and fast exploits
  • Memory safe languages will not protect from these issues as they are fundamentally logic bugs
  • Due to CPU side-channels and the potency of V8 vulnerabilities, upcoming hardware security features such as memory tagging will likely be bypassable most of the time