Mitigations for this class of attack are available in V8 itself starting with V8 v6.4.388.18, so updating your embedded copy of V8 to v6.4.388.18 or later is advised. Older versions of V8, including versions of V8 that still use FullCodeGen and/or CrankShaft, do not have mitigations for SSCA.
Starting in V8 v6.4.388.18, a new flag has been introduced to V8 to help provide protection against SSCA vulnerabilities. This flag, called --untrusted-code-mitigations, is enabled by default at runtime through a build-time GN flag called
These mitigations are enabled by the
--no-untrusted-code-mitigations at runtime. The v8_enable_untrusted_code_mitigations GN flag can be used to disable the mitigations at build-time.
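The version threshold and the two off-switches above can be checked mechanically when auditing an embedder. The following is an added example, not code from the V8 project; the function names and sample inputs are hypothetical, and treating underscores like dashes in the flag spelling is an assumption.

```javascript
// Added example (not V8 project code). Inputs are plain strings so the audit
// runs offline; in Node the version could come from process.versions.v8.
const FIRST_MITIGATED = [6, 4, 388, 18]; // first V8 version with mitigations, per the page
const RUNTIME_OFF = "--no-untrusted-code-mitigations";
const GN_FLAG = "v8_enable_untrusted_code_mitigations";

// Parse "6.4.388.18" or a suffixed form such as "6.8.275.32-node.12".
function parseV8Version(text) {
  const m = /^(\d+)\.(\d+)\.(\d+)(?:\.(\d+))?/.exec(String(text).trim());
  if (!m) throw new Error(`unrecognised V8 version: ${text}`);
  return m.slice(1, 5).map((part) => (part === undefined ? 0 : Number(part)));
}

// Numeric, component-wise comparison (string comparison would rank 10.x below 6.x).
function hasMitigationSupport(version) {
  const v = parseV8Version(version);
  for (let i = 0; i < FIRST_MITIGATED.length; i++) {
    if (v[i] !== FIRST_MITIGATED[i]) return v[i] > FIRST_MITIGATED[i];
  }
  return true; // exactly 6.4.388.18
}

// True when args.gn text sets the GN flag to false (text after # is a comment).
function gnDisablesMitigations(gnArgs) {
  return gnArgs.split("\n").some((line) => {
    const code = line.split("#")[0];
    const m = /^\s*([A-Za-z0-9_]+)\s*=\s*(\S+)\s*$/.exec(code);
    return m !== null && m[1] === GN_FLAG && m[2] === "false";
  });
}

function auditEmbedder({ v8Version, runtimeFlags = [], gnArgs = "" }) {
  const findings = [];
  if (!hasMitigationSupport(v8Version)) findings.push("v8-older-than-6.4.388.18");
  // Assumption: underscores and dashes are treated alike in the flag spelling.
  if (runtimeFlags.some((f) => f.replace(/_/g, "-") === RUNTIME_OFF)) {
    findings.push("disabled-at-runtime");
  }
  if (gnDisablesMitigations(gnArgs)) findings.push("disabled-at-build-time");
  return findings;
}

// Constructed sample inputs, not taken from any real build.
const sampleGn = "is_debug = false  # release\nv8_enable_untrusted_code_mitigations = false\n";
console.log(auditEmbedder({ v8Version: "6.3.292.49" }));
console.log(auditEmbedder({ v8Version: "6.5.254.31",
  runtimeFlags: ["--no_untrusted_code_mitigations"], gnArgs: sampleGn }));
```

An empty result means the version carries the mitigations and neither off-switch was found in the inputs supplied.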