Quick Disclaimer: We do not have definitive knowledge of all things V8, and we are not V8 experts. Sometimes we will make assumptions about the code, attempting to rely on the existing V8 documentation or on articles by members of the V8 team. Also, this knowledge should be used to enhance the security of V8. Please report any vulnerabilities through Google’s responsible disclosure program.
Welcome to the inaugural post for this series on vulnerability research for Google’s V8! We (Pranay Garg and John Johnson) are excited to take a deep dive into everything that you need to get started in this space. We’ll each be publishing half of the posts, so make sure to check out both of our blogs!
We believe that there is still a lot of research to be done in this area (and Google does, too). While the V8/Chromium teams have put countless security measures in place, exploitable bugs are still found on a regular basis. We hope to explain the processes for vulnerability discovery and exploitation, as well as the code base, in a way that will allow more people to begin bug hunting and memory safety research.
If you are completely new to V8, see this quick excerpt from the README:
Our goal in this study will be to create as complete a guide as possible to understanding the current state of V8 exploitation, and also its future! However, it would be entirely impossible without the work that has already been accomplished that gave us our own starting point. Here are several references that we used for understanding. There are probably more that we could have listed, but these were the most influential. Many of the topics covered in these articles will be covered in future posts, so there’s no need to fully understand everything on this list. However, this will be a great place to come back to if future posts don’t provide enough information. There’s a list similar to this one on the zon8 blog where you can find even more links.