Software Fault Isolation (SFI) mechanisms—widely deployed in modern browsers (e.g., V8’s heap sandbox)—lack systematic security validation under strong adversarial assumptions. Method: We propose an empirical security analysis framework that formally models the SFI security boundary and employs memory-load instrumentation coupled with controlled fault injection to emulate an attacker with full control over sandboxed memory, thereby rigorously assessing the robustness of trusted-code components against corrupted data. This approach transcends conventional black-box and gray-box testing by enabling fine-grained, reproducible verification of SFI memory isolation logic. Contribution/Results: Applied to the V8 JavaScript engine, our method uncovered 19 memory corruption vulnerabilities leading to sandbox escape. These reveal critical design flaws—including missing boundary checks, type confusion, and insufficient pointer validation—in current SFI implementations. Our work establishes a new paradigm for SFI hardening and automated verification, grounded in empirical evidence and scalable analysis.

We use browsers daily to access all sorts of information. Because browsers routinely process scripts, media, and executable code from unknown sources, they form a critical security boundary between users and adversaries. A common attack vector is JavaScript, which exposes a large attack surface due to the sheer complexity of modern JavaScript engines. To mitigate these threats, modern engines increasingly adopt software-based fault isolation (SFI). A prominent example is Google's V8 heap sandbox, which represents the most widely deployed SFI mechanism, protecting billions of users across all Chromium-based browsers and countless applications built on Node.js and Electron. The heap sandbox splits the address space into two parts: one part containing trusted, security-sensitive metadata, and a sandboxed heap containing memory accessible to untrusted code. On a technical level, the sandbox enforces isolation by removing raw pointers and using translation tables to resolve references to trusted objects. Consequently, an attacker cannot corrupt trusted data even with full control of the sandboxed data, unless there is a bug in how code handles data from the sandboxed heap. Despite their widespread use, such SFI mechanisms have seen little security testing. In this work, we propose a new testing technique that models the security boundary of modern SFI implementations. Following the SFI threat model, we assume a powerful attacker who fully controls the sandbox's memory. We implement this by instrumenting memory loads originating in the trusted domain and accessing untrusted, attacker-controlled sandbox memory. We then inject faults into the loaded data, aiming to trigger memory corruption in the trusted domain. In a comprehensive evaluation, we identify 19 security bugs in V8 that enable an attacker to bypass the sandbox.