Chrome V8 engine Sentinel Value leak leads to sandbox escape risk
Sentinel Value Leak and Chrome V8 HardenProtect Bypass
The Chrome source code contains a large number of Sentinel values, which are typically used as termination conditions for loops or recursion in algorithms. Recent research has shown that the leakage of certain Sentinel values may lead to arbitrary code execution within the Chrome sandbox.
In addition to the known TheHole object, there are other native objects in V8 that should not be exposed to the JavaScript environment. This article focuses on the Uninitialized Oddball object, which can still be exploited in the latest version of V8 and has not yet been patched.
It is worth noting that this method has wide applicability. In several reported vulnerabilities, the leakage of Uninitialized Oddball could lead to remote code execution. This highlights the necessity for a thorough audit of software that may be affected by Patch Gap.
Most native objects in V8 are defined in the v8/src/roots/roots.h file, and they are arranged adjacently in memory. Once these objects are incorrectly exposed to JavaScript, arbitrary code execution within the sandbox may be achieved.
To verify this method, we can modify the native functions of V8 to return an Uninitialized Oddball object. In this way, we can achieve relatively arbitrary memory reads in the latest version of V8.
The core of this bypass method lies in the fact that the optimized JavaScript function does not sufficiently check the type information of the array when accessing its elements, but rather directly calculates the offset to retrieve the value. This leads to type confusion, allowing arbitrary reads.
The suggested fix is to add a check for the array map when returning array elements from the optimized function, avoiding the direct calculation of array values via offsets.
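The difference between the two load paths can be seen in a toy model. This is an added example, not V8 code and not from the original article: the word-array heap, the map constants and all function names are hypothetical, and the length check goes one step beyond the map check the article suggests.

```c
#include <stdint.h>
#include <stddef.h>

/* Toy model, not V8 code: a "heap" of 64-bit words in which every object
   starts with a map word (its type tag). All names are hypothetical. */
enum { MAP_DOUBLE_ARRAY = 0xA1, MAP_ODDBALL = 0x0D };
enum { LOAD_OK = 0, LOAD_DEOPT = 1 };

#define HEAP_WORDS 16
static uint64_t heap[HEAP_WORDS];

/* Layout: [map][length][elem 0][elem 1]... for arrays, [map][kind] for oddballs. */
static size_t alloc_array(size_t at, uint64_t len, const uint64_t *vals) {
    heap[at] = MAP_DOUBLE_ARRAY;
    heap[at + 1] = len;
    for (uint64_t i = 0; i < len; i++) heap[at + 2 + i] = vals[i];
    return at;
}
static size_t alloc_oddball(size_t at, uint64_t kind) {
    heap[at] = MAP_ODDBALL;
    heap[at + 1] = kind;
    return at;
}

/* Optimized fast path as the article describes it: no type check on the
   receiver, the element address is computed directly from the offset. */
static uint64_t load_unchecked(size_t obj, size_t index) {
    return heap[(obj + 2 + index) % HEAP_WORDS]; /* modulo keeps the toy in bounds */
}

/* Fast path with the suggested fix: verify the map before using the offset
   (the length check is this example's addition); on mismatch, bail out. */
static int load_checked(size_t obj, size_t index, uint64_t *out) {
    if (heap[obj] != MAP_DOUBLE_ARRAY) return LOAD_DEOPT;
    if (index >= heap[obj + 1]) return LOAD_DEOPT;
    *out = heap[obj + 2 + index];
    return LOAD_OK;
}

/* Constructed scenario: an oddball sits directly before an unrelated array. */
static size_t setup_heap(void) {
    static const uint64_t neighbour[2] = {0x1111, 0x2222};
    alloc_oddball(0, 7);
    alloc_array(2, 2, neighbour);
    return 0; /* offset of the oddball */
}
```

In the model, the unchecked path treats the oddball as an array and returns words belonging to the neighbouring object, while the checked path rejects the oddball and still serves legitimate array reads.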
In addition, we need to pay attention to the Patch Gap issues that may exist in the software supply chain. Some widely used software may not yet have patched such vulnerabilities, providing potential entry points for attackers.
Overall, there are various Sentinel values present in V8, and their leakage may lead to security issues. Future research directions may include: exploring the effects of other Uninitialized Oddball leaks, assessing the feasibility of introducing Sentinel values as variables in fuzz testing, and more comprehensively examining the related security issues. Regardless of whether these issues are formally classified as security vulnerabilities, they could significantly shorten the time for attackers to achieve complete exploitation.