Samuel Groß (@5aelo)'s Twitter Profile

V8 Security technical lead. Previously Project Zero. Personal account. Also @[email protected] and saelo.bsky.social

ID: 1452156612

Link: http://www.phrack.org/author_saelo.html

Date: 23-05-2013 18:20:02

758 Tweets

24,24K Followers

499 Following

stephen (@_tsuro):

We just started the #v8CTF: a new exploit bounty program for v8!
* $10,000
* N-day vulnerabilities are in scope, but limited to first submission per deployed v8 version
* unlimited for self-found bugs (on top of regular VRP)
More info here: github.com/google/securit…

Samuel Groß (@5aelo):

Some really cool recent work by stephen:
* We now have a V8 exploit bounty ($10k) in the form of the V8CTF: github.com/google/securit…
* A blog post about our CFI plans: v8.dev/blog/control-f…

matteo malvica ⭕ (@matteomalvica):

Venturing into the world of browser exploitation? These two Samuel Groß's Phrack articles are an essential rite of passage 👇🌐 phrack.org/issues/70/3.ht… phrack.org/issues/70/9.ht…

Samuel Groß (@5aelo):

I've been meaning to write this for some time now and finally got around to it: a "V8 Sandbox Glossary" document that briefly explains the most important terms/concepts used for the sandbox and links to the respective design documents: docs.google.com/document/d/10Z…

stephen (@_tsuro):

The first #v8CTF submission is now public: bughunters.google.com/reports/vrp/38… Note that the current flag is still up for grabs, maybe M118 is unhackable? ;P You should also check out @madstacks3's excellent writeup at madstacks.dev/posts/Start-Yo…

Samuel Groß (@5aelo):

Some early performance numbers for the V8 Sandbox: looks like with most of the performance critical parts in place now, the overall performance cost of this future security boundary is only around 1% on popular benchmarks \o/ More results are linked from chromium-review.googlesource.com/c/v8/v8/+/5206…

Samuel Groß (@5aelo):

New V8 Sandbox design document is out: docs.google.com/document/d/12M… This discusses what a hardware-based sandbox instead of the currently purely software-based one might look like in a somewhat distant future (if at all)

Samuel Groß (@5aelo):

Big day for the V8 Sandbox:
* Now included in the Chrome VRP: g.co/chrome/vrp/#v8…
* Motivation & goals discussed in a new technical blog post: v8.dev/blog/sandbox
If there is ever a Sandbox "beta" release, this is it!

Samuel Groß (@5aelo):

Finally got around to publishing the slides of my talk at offensivecon from ~two weeks ago. Sorry for the delay! The V8 Heap Sandbox: saelo.github.io/presentations/… Fantastic conference, as usual! :)

Samuel Groß (@5aelo):

Another big step towards becoming a security boundary: today we’re expanding the VRP for the V8 Sandbox
* No longer limited to d8
* Rewards for controlled writes increased to $20k
* Any memory corruption outside the sandbox now in scope
bughunters.google.com/about/rules/ch…
Happy hacking!

Carl Smith (@cffsmith):

I’m very excited to announce that we at V8 Security have finally published our first version of Fuzzilli that understands Wasm! Go check it out at github.com/googleprojectz…. While we still have a way to go in improving it, we think it shows a promising approach!

xvonfers (@xvonfers):

Thanks to these articles from Samuel Groß, I started studying browsers vr/xd and this was basically the starting point: phrack.org/issues/70/3#ar… phrack.org/issues/70/9#ar…