Samuel Groß
@saelo.bsky.social
Working on Project Zero, Big Sleep, and V8 Security. Personal account.
It's been a great pleasure being part of the core V8 team and I'll still be active in the V8 Security space in a (mostly) consulting role to help ensure the V8 Sandbox keeps progressing and becomes a strong security boundary! :)
August 12, 2025 at 11:37 AM
It's been a great pleasure being part of the core V8 team and I'll still be active in the V8 Security space in a (mostly) consulting role to help ensure the V8 Sandbox keeps progressing and becomes a strong security boundary! :)
It's not (yet) meant for production use, but should offer a preliminary look at where things might be heading. See crbug.com/350324877 for more details.
Feedback welcome! :)
Feedback welcome! :)
Chromium
crbug.com
July 9, 2025 at 9:04 AM
It's not (yet) meant for production use, but should offer a preliminary look at where things might be heading. See crbug.com/350324877 for more details.
Feedback welcome! :)
Feedback welcome! :)
And I've also updated our V8 Exploit Tracker sheet now: docs.google.com/document/d/1... (see the 2025 tab) :)
V8 Exploit Tracker
2024 Issue First Exploited Description Exploit requires V8 Sandbox Bypass Exploit requires optimizing JITs (Turbofan & Maglev) Exploit requires any JITs (Liftoff, Sparkplug, Maglev & Turbofan) Varian...
docs.google.com
June 3, 2025 at 7:42 AM
And I've also updated our V8 Exploit Tracker sheet now: docs.google.com/document/d/1... (see the 2025 tab) :)
This for example shows that the V8 Sandbox is pretty promising in terms of "bug coverage". Of course that also assumes that it'll become a strong security boundary (it's still pretty soft at the moment), see bsky.app/profile/sael...
And the recording is now also public: youtu.be/5otAw81AHQ0?... thanks @offensivecon.bsky.social!
June 7, 2024 at 4:01 PM
This for example shows that the V8 Sandbox is pretty promising in terms of "bug coverage". Of course that also assumes that it'll become a strong security boundary (it's still pretty soft at the moment), see bsky.app/profile/sael...
Trusted space design doc: docs.google.com/document/d/1...
V8 Sandbox - Trusted Space
V8 Sandbox - Trusted Space Author: saelo@ First Published: October 2023 Last Updated: October 2023 Status: Living Doc Visibility: PUBLIC This document is part of the V8 Sandbox Project and discusses...
docs.google.com
November 30, 2023 at 5:14 PM
Trusted space design doc: docs.google.com/document/d/1...
I've also updated the high-level design document (in particular the summary diagram) to better reflect the current design: docs.google.com/document/d/1...
V8 Sandbox - High-Level Design Doc
V8 Sandbox Aka. “Ubercage” Author: saelo@ First Published: July 2021 Last Updated: October 2023 Status: Living Doc Visibility: PUBLIC This document is part of the V8 Sandbox Project and covers th...
docs.google.com
October 20, 2023 at 1:34 PM
I've also updated the high-level design document (in particular the summary diagram) to better reflect the current design: docs.google.com/document/d/1...