Google Chrome Security Features May Not Impress Web Surfers

Google has outfitted its Chrome browser with a number of security features designed to help Chrome make a splash in a market still dominated by Microsoft Internet Explorer.

But whether or not the features are enough to differentiate Google's browser remains to be seen.

For the most part, Google Chrome follows the footsteps of other browsers, especially with its blacklisting of known rogue sites and its inclusion of an "Incognito" mode. Like Internet Explorer 8's InPrivate Browsing, Incognito mode allows users to hide their Web surfing histories, and no cookies are stored beyond the lifetime of a browser window.

Also in the area of security, Google decided to sandbox the rendering engine.

"What this means is that for an attacker exploiting your computer to get bad code on to your computer, what he has to do is he's not only got to exploit the rendering engine but he also [has] got to find some way to get out of the sandbox," explained Ben Goodger, a software engineer for Google. "The sandbox prevents the rendering engine from being able to read or write to your file system, mess around with your registry or even mess around with your desktop. So that's an extra layer of security."

Running each tab in Chrome in a sandbox allows a Web application to be launched in its own browser window without the ability to write or read files from sensitive areas. Plug-ins are run in separate processes that communicate with the renderer.

Still, with security becoming something of battleground for browsers of late with the beta version of Internet Explorer 8 and the new versions of Mozilla's Firefox and Opera 9.5, Google's moves may not separate it enough from the pack to win users over.

On the plus side, Google Software Engineer Darin Fisher said, the open-source code ensures that security researchers and others will have plenty of opportunities to bang on the product and make their feelings known.

"All this code is currently open source," Fisher said. "Basically it makes it so that security researchers have a very acceptable product to work on, and they will come out of the woodwork to share their findings."