Wednesday, September 10, 2008
Chromium helps protect your computer from malware by running some parts of the browser in a sandbox. The sandbox tries to limit what an attacker can do after exploiting a bug. In particular, the sandbox aims to prevent malicious web sites from automatically installing software on your computer and from reading confidential files on your hard drive.
To access your hard drive or the network, the rendering engine must go through the browser process, which checks to make sure the request looks legitimate. In a sense, the browser process acts like a supervisor that double-checks that the rendering engine is acting appropriately. The sandbox doesn't prevent every kind of attack (for example, it doesn't stop phishing or cross-site scripting), but it should make it harder for attackers to get to your files.
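The brokered design described above, reduced to a runnable sketch. This is an added example and not Chromium's own code: Chromium splits the two sides into separate OS processes and uses OS-level sandboxing, whereas here the "renderer" and "browser" are two Python classes in one process, with a single method call standing in for the IPC channel. The policy (an allowed root directory, with paths canonicalised before the check) and the audit log are assumptions chosen to illustrate the supervisor role; everything else, including the scratch files, is constructed inline.

```python
import os
import tempfile
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class ReadRequest:
    """Message a renderer sends to the browser; it names a file, nothing more."""
    path: str

class Browser:
    """The privileged side of the split (assumed policy: one allowed root).
    It is the only component that calls the OS on the renderer's behalf,
    and it validates every request before doing so."""

    def __init__(self, allowed_root: str):
        # Canonicalise the root so the later prefix check is not fooled by
        # symlinks or '..' components in the requested path.
        self.allowed_root = os.path.realpath(allowed_root)
        self.audit_log = []  # (decision, requested path) pairs for later review

    def _permitted(self, path: str) -> bool:
        real = os.path.realpath(path)
        return real == self.allowed_root or real.startswith(self.allowed_root + os.sep)

    def handle(self, req: ReadRequest) -> Optional[bytes]:
        if not self._permitted(req.path):
            self.audit_log.append(("deny", req.path))
            return None  # the renderer never learns whether the file exists
        self.audit_log.append(("allow", req.path))
        with open(req.path, "rb") as f:
            return f.read()

class Renderer:
    """Untrusted side. It holds no file handles and never calls open();
    its only route to the disk is a message to the browser."""

    def __init__(self, browser: Browser):
        self._send = browser.handle  # the single channel out of the sandbox

    def read_resource(self, path: str) -> Optional[bytes]:
        return self._send(ReadRequest(path))

def demo() -> dict:
    """Exercise the model against a constructed scratch directory: one file
    inside the permitted root, one confidential file outside it."""
    with tempfile.TemporaryDirectory() as root:
        site_dir = os.path.join(root, "site")
        os.mkdir(site_dir)
        with open(os.path.join(site_dir, "page.html"), "wb") as f:
            f.write(b"<html>hello</html>")
        secret = os.path.join(root, "secret.txt")  # outside the permitted root
        with open(secret, "wb") as f:
            f.write(b"confidential")

        browser = Browser(allowed_root=site_dir)
        renderer = Renderer(browser)
        return {
            # legitimate request: served
            "in_root": renderer.read_resource(os.path.join(site_dir, "page.html")),
            # '..' escape attempt: resolved first, then refused
            "traversal": renderer.read_resource(os.path.join(site_dir, "..", "secret.txt")),
            # absolute path outside the root: refused
            "absolute": renderer.read_resource(secret),
            "log": list(browser.audit_log),
        }

if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The point to take from the sketch is where the decision lives: the renderer's code can be as buggy as an attacker likes, but a read still succeeds only if the browser side's policy says so, and every refused request is recorded where a defender can see it.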
To see how well this architecture might mitigate future attacks, we studied recent vulnerabilities in web browsers. We found that about 70% of the most serious vulnerabilities (those that let an attacker execute arbitrary code) were in the rendering engine. Although "number of vulnerabilities" is not an ideal metric for evaluating security, these numbers do suggest that sandboxing the rendering engine is likely to help improve security.
To learn more, check out our technical report on Chromium's security architecture.