Thoughts on Google Chrome
Posted by: Ben Uphoff in Computer Security, Links to articles, Malware, tags: browsers, desktop, Malware, phishing, webIn case you missed it, Google has their own browser called Google Chrome. You can read about it in plenty of places but I am specifically addressing the security aspects of the browser. There a two key security benefits provided by Chrome that Google calls Safe Browsing: sandboxing and malware/phising URL detection.
First, each tab or window runs as its own process. This is commonly known as sandboxing. While consuming more resources, this insulates malicious code from the other pages you are viewing. The end result should be a safer browsing experience on the desktop. That’s the theory at least.
Another interesting feature of Chrome is its malware and phising link database that is used to warn the user when navigating to a potential malware site. Chrome performs analysis of URLs before loading a page, providing the user with a warning if the URL is in the database. This technique constantly updates on the computer running Chrome like an auto-updating antivirus program. More information is available via the Chrome Help site.
No code these days is without vulnerabilities and Google Chrome is no exception. Within the first week a vulnerability was found and then fixed by Google. So far the engineers in Google seem to be favoring openness and responsiveness over the slow, closed process that seems to be the norm in the vulnerability and bug-fixing world.
Some people are questioning if the potential gains in security are worth the tradeoff in privacy that is sacrificed. There is also some resistance to the idea of having yet another browser to support. Enterprises are already burdened with supporting IE, Firefox, Safari, etc. Adding another browser to support is probably not high on the list of most enterprise IT operations. I have been using Chrome for about a week now and it seems robust and very fast, especially on JavaScript heavy applications like Gmail and Google Docs. It will be interesting to see if this newcomer to the browser market takes hold but I am right now skeptical.
Entries (RSS)
September 10th, 2008 at 9:10 am - Edit
Regarding security from sandboxing, there are some interesting limitations in Google Chrome’s implementation. The process limit is 20, so any new tabs after that will be assigned to any of the existing 20 processes. Frames within a page are handled by the same process as the parent window, regardless of domain. Of course it’s still beta so may be subject to change.
September 10th, 2008 at 11:06 am - Edit
Thanks for the additional information Matt. I had not seen this limit in any of my reading. Also I doubt my crummy Windows box could actually open 20 tabs at once.
It will be fun to see if this ever makes it out of Beta. Gmail anyone?
October 20th, 2008 at 8:38 am - Edit
i have a problem can anyone resolve it? its that whenever i enter my password in my accounts google chrome browser saves it. although before doing that it asks the user,but then also denying it to do tht it saves it.