|
|
|
Google Chrome Puts Security in a Sandbox
By: Brian Prince
2008-12-11
Article Rating:  / 32
There are 8 user comments on this Network Security & Hardware story.
Google's Chrome browser has been outfitted with a number of security features meant to put it on par with or above rival browsers, including Microsoft Internet Explorer, Apple Safari and Mozilla Firefox. Chrome officially stops being a beta Dec. 11.The
Google Chrome browser is no longer a beta, and has been outfitted with a
coat of security armor Google hopes will both protect users and help Chrome
compete with rival browsers.
The toughest piece of that armor involves sandboxing. In Chrome,
HTML rendering and JavaScript execution are isolated in their own class of processes.
Running each tab in Chrome in a sandbox allows Web applications to be launched
in their own browser windows without the ability to write or read files from
sensitive areas. Plug-ins are run in separate processes that communicate with
the renderer.
"I think Google was very proactive in terms of what we've been doing
around trying to help prevent users from being infected with malware,"
said Ian Fette, security product manager for Google. "On the Web browser,
we're trying to do everything we can to make sure that users are not becoming
affected with malware, and a big part of that is the sandboxing
technology."
Calling it a second level of defense, he said the technology is designed to
prevent malware from persisting even if there is a flaw in the code that would
lead to the Web browser being compromised.
"It's designed to prevent malware from getting installed on the system,
from being able to start again when you close the browser and restart the
computer; it's designed to help prevent malware from being able to read files
on your file system it's really a defense-in-depth mechanism," Fette
explained.
As noted on the Google
security blog, however, there are some limitations. Since it depends on
Windows, there is the possibility of a flaw in the operating system security
model itself. Another issue is that some legacy file systems used on
certain computers and USB keys, such
as FAT32, don't support security descriptors. Files on those devices
can't be protected by the sandbox, according to the blog.
In addition, if a third-party vendor configures files, registry keys and
other objects in a way that bypasses the access checkthe mechanism by which
the system determines whether the security descriptor of an object grants the
rights requested to an access tokenit can give everyone using the machine full
access.
In addition to the sandboxing, Google has outfitted Chrome with a number of
security features similar to those of Internet Explorer, such as Incognito
mode. Like IE 8's InPrivate Browsing, Incognito mode allows users to hide their
Web surfing histories, and no cookies are stored beyond the lifetime of a
browser window.
"Incognito mode is designed to reduce the amount of data that gets
stored on your computer; it's not designed to provide, for instance, anonymous
browsing," Fette said. "When you go into Incognito mode you are
essentially saying, 'Everything I do in this browser window, please don't
record that on my computer once [I] close off that window.'"
Chrome also takes a blacklisting approach using Google's SafeBrowsing API
to protect users against known malicious sites.
"I think the biggest advantage that we have is
that Chrome is the first browser built from scratch after bad guys started
exploiting other browsers," opined Google Engineering Director Linus
Upson. "We've had the luxury of looking at the security problems other
browser vendors have had, and designing around those from the very beginning."
| | Reader Comments: Google Chrome Puts Security in a Sandbox | | >>> Post your comment now!
| | A user comment on this articleTom, personally I think a lot of the tech advances in chrome are behind the scenes and the typical web users won't even be aware of them, such as the... Posted At: 12-16-08
By: Jeff | | | | | | A user comment on this articleThe entire browser "war" as it is currently referred to is a complete joke.
Okay, so IE8 had such and such first. But Firefox had tabs before... Posted At: 12-12-08
By: Jeremy | | | | | | A user comment on this articleEven if Chrome never captures much market share, one can hope that competing browsers (I'm using Firefox) might feel the need to adopt "sandbox"... Posted At: 12-12-08
By: Bob | | | | | | formattingI didn't intend for either the smiley face or mad face to be part of my comment, sorry about that. Posted At: 12-11-08
By: Joe Cheng [MSFT] | | | | | | IE8 does the same thingTab isolation was first demonstrated and shipped (in beta form--IE8) by the IE... Posted At: 12-11-08
By: Joe Cheng [MSFT] | | | | | | A Method to the Madness?Interesting - I agree that at first glance it appears that launching another product into an already saturated browser market doesn't make a whole... Posted At: 12-11-08
By: Keith | | | | | | Overstatement, TomGee, Tom...
A little bit of an overstatement, huh?
Thanks for the 'developer's view, though. Posted At: 12-11-08
By: RR | | | | | | >>> Post your comment now! | | | | | |
|
 |
|
|
�������xv6(;^+(g٦xvKY-5-nO;giQ$$1H�I9�^%3~U�xӅ|8%�,
UBP·�$i9cr3ݩk��j.w}�!�[f8i�TEK�]ߤ~�Am;t� =4mFNHB��~}@~sf���D%x�_'Щ�ѩ&wɄZIК��ؕ>}~qlv�.hvLIlG�t�uGѦ�%H�x�u)t�(D�HږyH6�EG�J;�ߣ*C7�ݩx8/DeO��d^b{�Aq4��5��;^����0k~��BQ5�0NK
<[< C5nCU�VekF֠}l�u�y!l�
�1#o�ݿ!Hݤo@d`jId:4G:"0,��C63!p��5\ap�)zHZ6tG-#H��PN$=+AbArxưcIH'�|6X@�?¼�'�@�>z u-C ¿{+�߀Cݸ�1�̷M[좖b�6�Z ۄ@ظz00!}�%�DhOG�@uh3�2n�
eþ=Je_+aV+Cg}rL>-g`TzEÝ|k47;W)EsvU !GA
�m+h[I#ZIۇ�_w{>~n��r ��+ A7Rߘ+0QR�&jt8M3Q�A�1q,{/B��oVq�~ISC �40"�J�1~̢>2Q}?-~k~>E,�3sA4
̠+`WK�e`9=y\toz{MNڟ;��w�:�R��ڟ�+̪k*~k!�
�x��6~�b
M���u�ô�W+Z�ᇓqULBxy�$Y)�IqN���X-t[ۗ�RH�}c-? ,�_��0f��k��$LJo$SNE �-�u���%ͪ5V ~�[PĿ�"G/F]7kDm.-�s5ͷwf�cZVp�3n[O�һ^>aU�}PhDv�ZM]�qsu\Stjt�^J�jexQWߢW, �FKP̶#ؠe)u��{y�N�����mNR'}�)5ٴ1�'4�}t>'�$>h&ƋCriYnL,�r�Ӈt�w@�>�+�Oݺ|L^TŞ�+L�Кk�}0#5m�� &>v�l��8d
$(s>w[L,)0(�-
�JC=�ˋ�F0���P6
=�� 2/?>�aCxwݐ�,P�}��@=XS9;ݲeǀԜ��:��r)Ea1�C.O)))?�]HPw9�DJ�
B�!B��0H�#`P� a�r
T<��ʦ�B�I�Cvn2�V�{T�Kh!+�K@fsfd(4{~4�cbB�|#'f�Xr`Y
�\d+|�i)lb
Ԩ˶V-iDi$P^Cs�2 =cWVk�EU}`H�LMqGr`!�g�g30p#q"O(1�?�2,Xh�l:Z5ESwĽ'0L4_az�`�@�&=2郅l&GGZ�L^͘;eL���
nU]ޖKGxL(=
}Y9&_4�Y
�̇J�>5nV�AL � �|�U=kb�$`~�
�~6F8bƏ�aj4X[�%}g��z/B6ELt0ȐNǝ�Wlȡ0tR\AO�q�?:(TZ�7cm{H^ac7U�[@oRF)�'�[WNj&h\�JEW>675/J1�p]8�?C�,tljy��0:g|�}+�ZQFn�ķ(AD1�ϫ
/��jSh���tUMP}2�YhSYpg#ؚIuU}�l,On?�~�ƊAFh5xb�==#ݸy?,�YE8&}+琩gs�C/��w�ܒ;� +@X'W-(7ϙ40pR2^>](lY|_ۯ|�6c�i�4DZ6����ȈDzz�T�sc{qO�f?�]ou*�Z-Y��i� �{2�t9t=�d}k�?pYOUU�^S<:h�3$_P@hOXM\�?+78ͤML���aƭrV/\f�8C+`WRj�jv L*��'o&ŏh(urvOC~=բ,A�גHU*J5�y�U��r=)i6Y+(#t�+Y��ǽa�m.E<��[% �1ķ�ʨTIu�SW*.wD<4Ϩ��;�}Nb�i��4PG��cWՄθ
4;fʿGXd;γ�ڴi�D@kXJ7eVV5XI0iuI+KZ����=2aӣ�U}/*\$�Iv3ҿ��BGD�o0|����^%
RfCZִ2hw
ĶVU�%}D.,��q=C
IZP+{),%~W9@`�|ZUj�
rF2�2@BZNb.xœo
-"Ԅ6xtLa�V*���7xoA!RēC$ |*ͤ�D�jnW۫ItaFۧ(BF@�iDW~Bh]\/~�wϻ!9\t�xx\NC�R?!hSHv::�b�3hmƛ&%��c/�kC2�xidL�i+��-�,ҽ>i_sf깰jZ�^k=W&�17�U8\F`6�9ºU�XȬy`&|PH:X!�a��P��H��R
~tIwu��.V_$�@Anp�Kz!NU��Hy*e4Д��e5:)K<;i�w[)x�5[�E_ѫ�ſ��}YVST
�t6~OW�0bAbaKF+=ǭN:I|�I�NAN��9os_,ĨC�9�n1�KP -Mu?So�2MĜ�yk�NEl =O��?G(��cd�Q�(S1�T�$-zbeanKl�x0e9R蔈'=I8
z>RB'Դ�˓4/iY(yqjhd�ꒈ~�~(h&'ءX�қ�].7'8
$O
kzisq/Psq%yt�"kEI�e85(~u�M�H��mQFiIw
3DJ^KkhVˮU^N,�~xR�=Na0�O�3D)W�YQ/;QĶS�=q"p3r�츃�vd\�:Gw*b�,_�=huӅ[�`��{v$sm�##�.�Ս A�/�]s>�ͥ=�`L8M\g�w�h�NPD(Vp9c24,`�u��l2Èǥ̷rt �r%>iפu�j�a~%X@2o�BwOH4b5zǿ뢧 � �r;k_=3g䢅)ѻ^P{20tKx�ؕvd{qOsn<�]1h�ng4vlLcI")VԺ5w7`\8%'+Txr1�Ϣ� �@7Yu��(f^�yaВ11>onR;=�4zC��1o~ˤa�W*]c{�*{�w}wo]VZ�tC.q�B�1Vd/)&%ϓy L
O�Kt�1ڬ/ۥ{H,+YXxlS;O
?ֈ
'|Ȟ8^jDc|Wyg�,d����a���з0[+=�)$Ι��2F`G
�܍)³��$`DI@R�i�g�6A� j(l��Z0\��f�>
��V"ÿ&�qFL=�9b[, 'T7m���ըQ��4��=X{�+stbL��C�ة/@B7��,H�|ଏԙY�%�O.9(HA��w�z
�7habMLDXA�=I9oXX6�0QD`�NlP� Y�(
gLV*����;8R}'eS`=
tI���]]��61˃|K}w�kB[�f�f�xtw�9"NS^�>vc"Rb���ގ#Ȓ�m�`nj5mZR1th�}t�R�Զj췖+.�mCTURߧ�R|�kSb �
�XeTeTj$BWzԑx`^HtDC]$\����T�`T*%MUX%�.)����Dypn� �&�WṰO$L/>Ajf�8g1�z,�.��He>�=L�jؗ9@R+v#�A&)ȤHG8h�}"@ɳ鵨S%Oɯ�cvy�+�Nt`C\1͇͇͇͇}Z/=߇pecJ~М�/y8aI}nX\|M�y
I��g�x�官%5p\�_
`t�|jQ۔Z�0�#�N pL^3#5��cܴcb~ZL+�u["JA�l�aqY
YJ�8, N��z;ÙFK.�ȕnP~ �K�y`a$�]mUZ_|.}AoXVr?aэ�RzFQS4fˢg[&|��dMђ�
�`��C�GȮŰ�ܹN&?J�_�P/K{~i���7K$��C�cT
l-۞A�ړյY�~D\b�d=�
Tw߁^<=G�!{�FZ��ũnviݽ�o95n
L3.N-£�E���}So|֊�OZΚYΞCm�>K��x,[fT�nCn$pK4WʇOo�@�amI��Y0Y:ln�p�ì�fo!۟`n2�yKo1u2{Ga ;Qɿ߉!?XSC �߉n>I8O:[%d�Q?(p��I�o;I'�Hr�$E<;좘wD�Qޯ*F]{F9- r
/9"n?�LLG5W-�j�8�ɠ)"(lh�F.�yln~u9F?PM};�QDn|�Qk"ݬ�PVDg�2~j*b�dF�yAx!�Fv;�Kb+6Q{$IpKjj5�%�A��^b_=D1ckzzD�,?��t�"R�Ю(>�
�l?��Q�X2Lz��m��/+iyp\�G)�6qΌ"F$drK".]�sIljʾ\r~�^
::�XuV%d˘x�ѵ鞐ք1rx*B 'Uٜ�AGu/�DZ!դI{�Ÿ�\� kg>)fFmz^C �`5�MuZk]@�u3ѝiY<5�7SYz]L5�'�MfnVuR��C[wncOnH Op�찌?1�7�C%�>�dn-&�~iX�p>H�'2t}jh�TմJ��fzVCTj~Ew(/9
�.ؕպԴzY�ܧF(+C�:!=v�L�J\k�s_Xc>=g`9Edcu��sg
敊V.ի�ۺo?z K�) >[S(q�J:<}Q-mEJ)!g�B�9 ����r�|{\�ۍ5>01�jW��s�9+'+� +^Q�"V�c,,{:9љ rB+vb"mkmnAz�T["}FsgW�'b^o9g0��c-,9+=9Z`3+nsl+ZKɶ8+YlwN��iJ %'0�Gr;ca^�X.e��Qғ?RJ)}#VQ�^oD�~x#nϪ51"%�<0]LviMh5%MFV(h�<=M�_cB~�1@>�+p��SK�C7R�<6$Ae�Ї5T?�0'
)U�0kȚZG.�t J �ݲYN:��>coI XPp���]I٫T~�N����̋(HKt4*:7�>m;A=~}LLRO����Ag\�NL�_s�_�߰�,VI�m{d7�2[�$}?,D1��%��q}n꜓M{a�G�tg-d=7؏{�M�
f��F;���AN�z�l��0W)ftga��-=�qeL\LªC~��!��M�
l�� \Z�p4�pLoF˞0�Iݹa?Ð�3�{��O�Z"aZ1ш�@Q->ɹ���cMN퓔px�XҚ0!<���RAA�>�w��II!5�Q�"�^�kXaL~];my^g�7l/u��Ǘ��c�Z|E"�{X#&�3)-�+9;P�!�_$ F�K)E���T��&}�fA??~��e�KM)Qw3a/xS�N\<���,2E<�ezX<>��we~�t:&\��Z!45Kn�ltQQ({b8M�u?3�,ȏ]KXHmݜ�(�8��#�zy�P��h$`x=9~ievta~X{��dO (��
�@Ka1c�~Po֔J$2
>�(%>g�ٕa)걪VR'ؕ?�(^g
;Ues=M镬B*9^���Ȉq�/w4�}�:��1b#Fh]]!k"6}:�_w%9jwot�oW[u{{sپ\�Sˇ��2f&SR�o4e�š�6u\�«1.ys9,tG_0}4�ekntIwk(%lFyї�5�1o&Ll+�#=vS+�t_Пxu3�K_-�f�P�MM3Q`1D���'M&7�b�S>o�I]hF&5+:�v<)�)�)-̵SޅnN9rzu झS~�ǫO>9�NyY]9)4;'9пNN?ӹ)wrKS�ʿ.?�9/��/r��y�9�\��"?/?/r�e2�P9�r�)r�˜�̑K�˜B9.n~�+x*k���{/�>_?.�)>Crs�~~sw�7y79{��wNr!(oY
�NoR�8G9B(_*U�y@a uyS�9@y�J*,cr\-�
{�%�[?�v'u
CFW\=o /dmOu^i8&ֲ�۸/6��h}/1^ZF9/d\��taOC�vHu>j}ll(O�6Tq4
�5RYu8��%�� {Y�&@Y8'}(��hعkjzGrfhNo4p97�w쎃n����)xT-kZYoZԪw俒kv{5�{DD��/g&Q5YUdN*��jUeR�L�3BA�yG�
�l]{�̾ZCO�3CX)ḇ�̺n-�G P�� �}:Fbl*Y�ۼx�`TS;Wi%@9$�L�o��9�j/#v2�QW!+<ĝ��+�f=kc5;tp)
߄=g-+D2Ydp�S
q8�,}byt[Lr,�eށz�<�Xh ���x�qn9�SYF��
T�z\^:�&23M{6�\x| "e*sEn!�f�Y-Nؒ1f�QSRۨWy�)*"9<��;${�F(V
�>t2��^���`ˋiB0H;vI{�$0y.6�,�dS�o�t>H?cw��`Ƹ�f\c�=^b��v�]3&2X
/§On3E ��~���m�:�o1I525~�ɑ�(�
�k�DFf%VmD8k#=/gn!+4+�_ac��ZB.�S@e8>�cc>m�=]wtl#�k���.vܙetA��"�d`��X�� �K:Ddx^�J�T6�?��Y��x&f%b P|_�|n9�vn��yC͞c�fs(59LnP}�8o?�g'4WB&]w��$|ފjd!v})۹b,ӧ6&�gsEz=�>~P�Ƃ!نI��f[�W1^{�#�E3dƨ�z<
1s4F%߀��.��Y{N6� )4�M˚H�μP�;j�KQRJ��Vr.U
?�`nzۭ2w}�x��/ē_|
Њ3�Obx`#Yұ�ߞR
TDO�c�iЄ.^p멎T�U|��J��A1Y,�l�p/>:G[
0rczzwY>W'�8K�iR��y2 !ɴ\xye~҅�N�*I,f`aQd+$*)�ؐ��W
���kO`4bV@P���1,,�oԟ'T�S*�4.>ϝn<^e"�:xqeQ���Vt*N��z/텋vV?��<^E��$oꎾ�V�;~v��?;Lu~mG a�
ѸT\Ɠ�ߴ;��K�,�mݸG_>^w?]HQE�e鑢%!tOY��B*E�w:9\~LWzv
C&ȕ/g�2F#|�oU��AYfCժZ-�N��j|ӷۊ�#iQg8&rYOrѥ;��7
D^4�mJPU&s)csM-�\eX)MCS9U�2;��&|&�Z2cˤ_�l3_�+��
|
Network Security & Hardware 
