Google Chrome Security First Look
Google has announced a new browser, called "Google Chrome", that aims to improve the way applications are delivered on the web. In typical Google fashion, they've created a comic book that depicts the features of the new browser. The browser should be officially released tomorrow at www.google.com/chrome (edit: site is now up!). Below are a few more details I've gathered about the security features of this upcoming browser.
As they say in the comic book, "when we started this project, it was a very different landscape from when other browsers started." This difference in focus is apparent in the plethora of announced design decisions which, if implemented as stated, should create a much more secure browser. Read on for some of the details.
Everything in its place - process separation
In Google Chrome, each tab of the browser will run in its own process, with its own resources and UI controls. This way, if a tab misbehaves, it can easily be killed. The browser chrome will run in a separate process, and will also include a task manager.
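The fault-isolation property described above can be seen with ordinary OS processes. The following is an added illustration, not code from Chrome or from the original post: the tab names, scripts and `run_tabs` helper are constructed for the example, and it shows only process separation, not the sandbox.

```python
import subprocess
import sys

# Constructed "page" behaviours; each one runs in its own OS process, like a tab.
TAB_SCRIPTS = {
    "news": "print('rendered news')",
    "crasher": "import os; os.abort()",   # hard crash inside the tab
    "spinner": "while True: pass",        # runaway script that never returns
    "mail": "print('rendered mail')",
}


def run_tabs(scripts, timeout=2.0):
    """Start one child process per tab, then collect each outcome.

    Returns {tab_name: (state, output)}; state is 'ok', 'crashed' or 'killed'.
    """
    procs = {
        name: subprocess.Popen(
            [sys.executable, "-c", code],
            stdout=subprocess.PIPE,
            stderr=subprocess.DEVNULL,
            text=True,
        )
        for name, code in scripts.items()
    }
    results = {}
    for name, proc in procs.items():
        try:
            out, _ = proc.communicate(timeout=timeout)
            # A non-zero exit status (or a signal) means the tab died on its own.
            state = "ok" if proc.returncode == 0 else "crashed"
        except subprocess.TimeoutExpired:
            # The "task manager" action: the parent ends the unresponsive tab.
            proc.kill()
            out, _ = proc.communicate()
            state = "killed"
        results[name] = (state, out.strip())
    return results


if __name__ == "__main__":
    for name, (state, out) in run_tabs(TAB_SCRIPTS).items():
        print(f"{name:8} {state:8} {out}")
```

The crash and the runaway loop each take down only their own process; the parent and the other two tabs finish normally.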
Sandboxing - the return of Greenborder?
Rather than relying on the OS's ability to protect information (they go into why they don't use Vista's integrity levels, for example), Google Chrome will sandbox each process (and in Google Chrome, a rendering instance and JavaScript VM is a process), so that there are two levels - the user and the sandbox. The key to the security is that no actions are allowed to be initiated from within the sandbox - all interaction with the sandbox is initiated by the user. This is one of the key design goals of Bitfrost on OLPC - that the user should be in control of the interaction.
Back in May 2007 Google purchased browser sandboxing company Greenborder, and this appears to be the offshoot of that acquisition. Greenborder has been in stealth mode since the acquisition, so this appears likely.
The plug-in dilemma
Of course, browser plug-ins are created by third parties whom Google has no control over. Google has dealt with this by breaking out the plug-ins into separate processes. While this doesn't prevent them individually from misbehaving, they've reached out to plug-in manufacturers to provide sandbox-capable versions. Although in the past these plug-ins have generally been badly behaved, I think there's a chance this may happen - recently Adobe opted into Vista's DEP for example.
Phishing protections
Google Chrome will "continuously" download updated lists of malware and phishing sites, similar to what the Google Toolbar has been providing. They are making this API freely available, as they've already done for Firefox.
Conclusion
It'll be interesting to see how well this new browser is accepted by the user and business community. Hopefully, even if it isn't taken up, some of the focus on security will be taken up by the other browser manufacturers.
Update: Google Chrome's User agent string will be:
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/525.13 (KHTML, like Gecko) Chrome/0.X.Y.Z Safari/525.13
Update: Google has released the source as well, it's at http://code.google.com/chromium/


Comments
1 comment posted
Views from non-geek end-user:
Can Google integrate a feature in its browser which identifies and blocks such outgoing information, and asks for a passworded approval to ensure that a responsible household/adult/computer-owner is approving such a transaction?
http://google-chrome-security.blogspot.com/2008/09/fresh-take-on-browser-security.html