Google Chrome Security First Look
Google has announced a new browser, called "Google Chrome" that aims to improve the way applications are delivered on the web. In typical Google fashion, they've created a comic book that depicts the features of the new browser. The browser should be officially released tomorrow at www.google.com/chrome (edit: site is now up!). Below are a more details I've gathered about the security features of this upcoming browser.
As they say in the comic book "when we started this project, it was a very different landscape from when other browsers started." This difference in focus is apparent due to the plethora of announced design decisions which, if done as stated, should create a much more secure browser. Read on for some of the details.
Everything in its place - process separation
In Google Chrome, each tab of the browser will run in its own process, and with its own resources and UI controls. In this way if a tab misbehaves, it can be easily killed. The browser chrome will run in a separate process, and also include a task manager.
Sandboxing - the return of Greenborder?
Rather than relying on the OSes ability to protect information (they go into why they don't use Vista's integrity levels, for example), Google Chrome will sandbox each process (and in Google Chrome, a rendering instance and JavaScript VM is a process), so that there are two levels - the user and the sandbox. The key to the security is that no actions are allowed to be instantiated from within the sandbox - all interaction with the sandbox is initiated by the user. This is one of the key design goals to Bitfrost on OLPC - that the user should be in control of the interaction.
Back in May 2007 Google purchased browser sandboxing company Greenborder, and this appears to be the offshoot of that acquisition. Greenborder has been in stealth mode since the acquisition, so this appears likely.
The plug-in dilemma
Of course, browser plug-ins are created by third parties whom Google has no control over. Google has dealt with this by breaking out the plug-ins into separate processes. While this doesn't prevent them individually from misbehaving, they've reached out to plug-in manufacturers to provide sandbox-capable versions. Although in the past these plug-ins have generally been badly behaved, I think there's a chance this may happen - recently Adobe opted into Vista's DEP for example.
Phishing protections
Google Chrome will "continuously" download updated lists of malware and phishing sites, similar to what the Google Toolbar has been providing. They are making this API freely available, as they've already done for Firefox.
Conclusion
It'll be interesting to see how well this new browser is accepted by the user and business community. Hopefully, even if it isn't taken up, some of the focus on security will be taken up by the other browser manufacturers.
Update: Google Chrome's User agent string will be:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.X.Y.Z Safari/525.13
Update: Google has released the source as well, it's at http://code.google.com/chromium/
Comments
2 comments postedYesterday, the Democrats.org blog featured an excerpt from a story we received from Kristine Reger, a life-long Wisconsinite and mother of three who attended President Obama’s Health Care Town Hall in Green Bay. Today, we asked Kristine to write a guest post to share her full story:
Hi everyone. I submitted my health care story to Organizing for America online, and they’ve asked me to write a guest blog about my experience. Here's what I can tell you:
Though I'm a lifelong Democrat, my husband and I raised our three kids in a mostly Republican suburb. For years and years, I kind of rolled over and skirted political conversations with my friends and neighbors. I didn’t want to engage in debate.
Then last fall, after more than 20 years, I finally decided to have the courage of my convictions. Barack Obama inspired me to get involved. I wasn’t happy with the direction of our country and I thought to myself: enough is enough. I spent lots of time researching the issues and learning about then-Senator Obama’s positions. Eventually, I figured out that I could make a real difference in my own network of family and friends by reaching out to people through email and responding to all the emails going around that I knew weren’t true. You know what I learned? My friends are still my friends. People have started coming to me to understand what’s going on; they rely on me to tell them the truth.
Since the election, President Obama has inspired me to stay involved. I think he’s so sensible and so right on so many of the issues I care about. I woke up at 5am yesterday to attend the Health Care Town Hall in Green Bay. It was fascinating – great questions, so much excitement and not an inch of space in the room.
Unfortunately my health care story is not unique, it’s typical. My husband and his business partner run a small machine shop their fathers’ founded in the 1950s. They’ve always provided their employees with single and family coverage, but as premiums have become more expensive, they’ve been forced to modify the kind of coverage they provide. Between this year and last, costs have increased 8 percent. In order to continue to provide health insurance, they’ve had to switch to a high deducible plan. Last year, they paid $132,000 in health care costs for a plan with a $2,500 deductible. Those costs are cutting into their profits and eating into our family income. Truth be told, the policy isn’t all bad – there are actually some great things about it. For example, all our preventative care, including physicals, mammograms and colonoscopies, are covered regardless of whether or not we’ve reached our deductible. That focus on preventative care is great - its something a reform plan should build on. But when you add up all the costs of our plan, we have to spend an awful lot to receive any of the benefits.
It’s true that we’re in the midst of a terrible recession. But I don't think maintaining the status quo when it comes to health care is an option. I keep thinking if small businesses like my husband’s are the life blood of our economy, how will it ever bounce back when small business owners can’t eek out a profit because health care costs are so high?
Everyone I know cares about this issue – my Republican friends care just as much as my Democratic ones. We’re all living with the consequences of a broken system. Though we might not all agree on the exact solution, we all agree something has to be done. If people see a part of themselves in my story, and are inspired to get involved, then maybe we’ll be able to make the people in Washington pay attention to us and get something done.
Kristine Reger is a life-long Wisconsinite and mother of three. She worked as a high school English teacher before staying at home to raise her children for 19 years. She is currently a self-employed travel agent. Kristine attended President Obama’s Health Care Town Hall in Green Bay, WI on Thursday.
porno izle | porno tv | sex movies | free porn | erotik shop | seks shop | azdırıcı | Sex shop | zayıflama hapı | diyet hapı | zayıflama | zayıflama | porno izle | zayıflama | erotik market | seks shop | geciktirici | sexshop | porno | göğüs büyütücü | Youporn | Penis büyütücü | Penis büyütücü | Erotik market | Eroksiyon hapı | seks market | Penis büyütücü | Penis büyütücü | sex shop | youporn.com.tr.tc | Sex izle | sikiş | porno | sex | seksshop.com.tr.tc | sexshop.com.tr.tc | erotikshop.com.tr.tc | pornoizle.com.tr.tc | freeporn.com.tr.tc| geciktirici | geciktirici | porno izle | porno tv| free sex movie | sex movie | cinselmerkez.com | müzik dinle | mp3 indir| erotikdergiler.com| sexshopum.com| free sex | sikiş
Views from non-geek end-user:
Can Google integrate a feature in its browser which identify and block such outgoing information, and ask for a passworded approval to ensure that a responsible household/adult/computer-owner is approving such transaction?
http://google-chrome-security.blogspot.com/2008/09/fresh-take-on-browser-security.html