
Ok wtf. So you're telling me that #Google #Chrome's #V8 #JavaScript engine was more #insecure than #Mozilla's #Spidermonkey after all these years? Because I'm pretty sure SM has already been doing plenty of the things mentioned in this article (I've touched SM code plenty of times, so much more than I wanted because I worked on separating Spidermonkey from the monolithic #libxul, it's still hurting my brain...), even before the #Quantum rewrite. So even #PaleMoon, which has been commonly trashed for being "old and insecure", is apparently more secure than Chrome, but most crucially it also disproves the long-standing blind belief among security freaks out there that Chrome is "more secure" than #Firefox, when it's the other way around on many fronts...

https://thehackernews.com/2024/04/google-chrome-adds-v8-sandbox-new.html

#web #webbrowser #browser #browsers #openweb

in reply to Job Bautista

Security isn’t a one-dimensional axis, but Firefox is making good progress. From 2020 to 2023, it did a good job catching up to Chromium’s process separation with its Utility Process Overhaul: Firefox now has process separation between its components comparable to Chromium’s.

Right now, SM is catching up to V8 in many areas; it removed its ineffective W^X mitigation in favor of focusing on making JIT spraying implausible, which will take a long time to implement. Toolchain hardening is also catching up, as it looks like work on exploring CFI has resumed (no word on shadow call stacks or memory tagging, but I imagine one of those will follow). I’m optimistic that by the end of 2025, SM’s JIT will be safe for security-conscious users to enable.

in reply to Seirdy

Moreover, the V8 sandbox isn’t the same as the sandbox used to isolate content processes in Chromium’s site/origin isolation, let alone what Firefox’s Fission uses. There isn’t a Firefox equivalent to this yet.
in reply to Seirdy

SM's JIT […] will be safe to enable

Y, tho? Like, does'tve any meaningful performance advantages? Microsoft's Edge developers seemeda think't doesn't, at least in Chromium-based stuff.

in reply to Tanith the Gay

WebAssembly in SM is JIT-only. Edge has a wasm interpreter (DrumBrake) which Chromium declined to upstream. So Edge is the only browser that can do wasm without JIT.

Jitless performance is usually fine, but sometimes very lacking.