Security Architecture

Wednesday, September 10, 2008

Chromium helps protect your computer from malware by running some parts of the browser in a sandbox.  The sandbox tries to limit what an attacker can do after exploiting a bug.  In particular, the sandbox aims to prevent malicious web sites from automatically installing software on your computer and from reading confidential files on your hard drive.

The two main modules of Chromium are the browser process and the rendering engine.  The browser process has the same access to your computer that you do, so we try to reduce its attack surface by keeping it as simple as possible.  For example, the browser process does not attempt to understand HTML, JavaScript, or other complex parts of web pages.  The rendering engine does the heavy lifting: laying out web pages and running JavaScript.

To access your hard drive or the network, the rendering engine must go through the browser process, which checks to make sure the request looks legitimate.  In a sense, the browser process acts like a supervisor that double-checks that the rendering engine is acting appropriately.  The sandbox doesn't prevent every kind of attack (for example, it doesn't stop phishing or cross-site scripting), but it should make it harder for attackers to get to your files.
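The broker pattern described above, as an added example that is not Chromium's own code: a renderer object that holds no file or socket handles of its own and can only ask a broker (standing in for the browser process) to read a file or fetch a URL. The broker's policy (a profile directory allowlist for file reads, web schemes only for network requests), the request shape and all class and function names are assumptions made for this illustration. The point it shows that the prose does not is what "looks legitimate" has to cover in practice: the path is canonicalized before the prefix check so that `..` segments cannot escape the allowed directory, and the prefix is compared with a trailing slash so that a sibling directory with a longer name does not match.

```cpp
// Added example, not Chromium code: a minimal model of the browser-process
// "broker" that checks every renderer request before acting on it.
// Policy rules, request kinds and names are assumptions for illustration.
#include <sstream>
#include <string>
#include <utility>
#include <vector>

enum class Verdict { Allow, Deny };

struct Request {
    std::string kind;    // "read_file" or "fetch_url"
    std::string target;  // filesystem path or URL
};

// Resolve "." and ".." lexically so a request such as
// "/profile/../../.ssh/id_rsa" cannot slip past a prefix check.
// Relative paths yield "" and are always denied by the broker.
std::string canonicalize(const std::string& path) {
    if (path.empty() || path[0] != '/') return "";
    std::vector<std::string> parts;
    std::stringstream ss(path);
    std::string seg;
    while (std::getline(ss, seg, '/')) {
        if (seg.empty() || seg == ".") continue;
        if (seg == "..") { if (!parts.empty()) parts.pop_back(); continue; }
        parts.push_back(seg);
    }
    std::string out;
    for (const auto& p : parts) out += "/" + p;
    return out.empty() ? "/" : out;
}

// True if `path` is `dir` itself or lies strictly inside it.  Comparing
// against dir + "/" stops "/profile-evil" from matching the prefix "/profile".
bool inside(const std::string& path, const std::string& dir) {
    if (path == dir) return true;
    std::string d = (dir == "/") ? "/" : dir + "/";
    return path.compare(0, d.size(), d) == 0;
}

class Broker {
public:
    explicit Broker(const std::string& profile_dir)
        : profile_dir_(canonicalize(profile_dir)) {}

    // The supervisor step: every renderer request passes through here.
    Verdict check(const Request& req) const {
        if (req.kind == "read_file") {
            std::string p = canonicalize(req.target);
            if (p.empty()) return Verdict::Deny;
            return inside(p, profile_dir_) ? Verdict::Allow : Verdict::Deny;
        }
        if (req.kind == "fetch_url") {
            // Web schemes only; a file: URL would turn "fetch" into a local read.
            const std::string& u = req.target;
            if (u.rfind("http://", 0) == 0 || u.rfind("https://", 0) == 0)
                return Verdict::Allow;
            return Verdict::Deny;
        }
        return Verdict::Deny;  // unknown request kinds are never allowed
    }

private:
    std::string profile_dir_;
};

// The renderer owns no handles to the disk or network, only a reference to
// the broker; its requests reach the outside world through check() or not at all.
class Renderer {
public:
    explicit Renderer(const Broker& b) : broker_(b) {}
    bool read_file(const std::string& path) const {
        return broker_.check({"read_file", path}) == Verdict::Allow;
    }
    bool fetch(const std::string& url) const {
        return broker_.check({"fetch_url", url}) == Verdict::Allow;
    }

private:
    const Broker& broker_;
};
```

A real sandbox also has to stop the renderer from bypassing the broker (the OS-level restrictions the post alludes to); this model only shows the policy check that the browser process applies once a request does arrive.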

To see how well this architecture might mitigate future attacks, we studied recent vulnerabilities in web browsers.  We found that about 70% of the most serious vulnerabilities (those that let an attacker execute arbitrary code) were in the rendering engine.  Although "number of vulnerabilities" is not an ideal metric for evaluating security, these numbers do suggest that sandboxing the rendering engine is likely to help improve security.

To learn more, check out our technical report on Chromium's security architecture.

8 comments:

comment gravity well said...

orrr... and here's a super novel idea... don't surf the web as a privileged user

Octopusfluff said...

Your 'solution' assumes that there's only a security risk if you run the browser with privileged access... This is incorrect.
Even if you only use your browser as a 'regular' user, exploits in the browser can still result in access to your files, or even the execution of arbitrary code. Once it hits that point, local privilege escalation exploits can make the question of what account you use to browse utterly irrelevant.

Liam said...

That sounds great and I love Chrome. One thing that I would like to see, as a website developer myself, is a way to have each tab be completely independent of all the other tabs.

In other words, let's say I'm testing a site and I want to log in as two different users with different security access to the same site; I can't do that now. Or say I want to log into my personal Gmail account in one tab and my "professional" Gmail account in another.

IMHO that would make Chrome the browser of choice for website developers.

ahmeeeed said...

thanks very much.

Creativity and Excellence Forums
http://ebdaa.yoo7.com

المعلم حمادة said...

thanks, man.

http://ebdaa.yoo7.com
724 said...

Thanks for the good work. I have decided to install and try Chrome when I read that Chrome was the Only Browser Standing in Pwn2Own Contest. I also shared it on my blog.

Seem said...

thanks. It's better than what I read before in your note "A new approach to browser security: the Google Chrome Sandbox".
But I would like to find a comparison with Microsoft Web Sandbox, and with virtualization solutions for sandboxing like icore ( http://icoresoftware.com/ ).

ahmedalaa said...

thanks.

Forums