SecurityFocus, 2008-09-04
When Google unveiled its browser on Tuesday, the search giant boasted that the software's design puts security front and center.
The browser, christened Chrome, takes a minimalist approach to browsing by doing away with extra bars and buttons and putting the tabs on top. The real difference, however, appears to be under the hood: Google has coded the browser to run each tab in a separate process and to sandbox -- or jail -- the code running in each tab, so that a crash in one tab does not bring down the whole browser and the content of a tab cannot reach the user's data.
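To make that process-per-tab and sandbox model concrete, here is an added example that is not Chrome's code: a toy Linux "browser" in which every tab is a child process sealed with strict seccomp, while the parent survives and classifies whatever the tab does. The job and result names are made up for this illustration, and the example assumes a kernel with seccomp support (without it, the file-opening tab is reported as having escaped rather than being killed).

```c
/* Added example, not Chrome's code: a toy "browser" that runs each tab in its
 * own child process (Chrome's process-per-tab model) and seals the child with
 * Linux strict seccomp, which permits only read, write, exit and sigreturn. */
#define _GNU_SOURCE
#include <fcntl.h>
#include <linux/seccomp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>

enum tab_job { JOB_RENDER, JOB_CRASH, JOB_OPEN_FILE };
enum tab_result { TAB_OK, TAB_CRASHED, TAB_KILLED_BY_SANDBOX, TAB_ESCAPED, TAB_SPAWN_FAILED };

/* Tab (child) side. Exits via the raw exit syscall: glibc _exit() uses exit_group, which strict seccomp forbids. */
static void tab_main(enum tab_job job) {
    /* On a kernel without seccomp the tab runs unsandboxed and JOB_OPEN_FILE yields TAB_ESCAPED. */
    (void)prctl(PR_SET_SECCOMP, SECCOMP_MODE_STRICT);
    switch (job) {
    case JOB_RENDER:                 /* legitimate work on an already-open descriptor */
        (void)write(1, "tab rendered\n", 13);
        syscall(SYS_exit, 0);
    case JOB_CRASH:                  /* stand-in for a renderer bug: a fatal fault */
        __builtin_trap();            /* SIGILL, no syscall; terminates only this tab */
        syscall(SYS_exit, 1);
    case JOB_OPEN_FILE:              /* reaching for data outside the tab */
        (void)open("/etc/hostname", O_RDONLY); /* under strict seccomp: SIGKILL */
        syscall(SYS_exit, 3);        /* reached only when no sandbox is in place */
    }
    syscall(SYS_exit, 1);
}

/* Browser (parent) side: spawn the tab, wait for it, classify the outcome. */
enum tab_result run_tab(enum tab_job job) {
    pid_t pid = fork();
    if (pid < 0) return TAB_SPAWN_FAILED;
    if (pid == 0) tab_main(job);     /* the child never returns */
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) return TAB_SPAWN_FAILED;
    if (WIFSIGNALED(status))
        return WTERMSIG(status) == SIGKILL ? TAB_KILLED_BY_SANDBOX : TAB_CRASHED;
    if (WEXITSTATUS(status) == 0) return TAB_OK;
    return WEXITSTATUS(status) == 3 ? TAB_ESCAPED : TAB_CRASHED;
}

int main(void) {
    printf("render=%d crash=%d open=%d\n", run_tab(JOB_RENDER), run_tab(JOB_CRASH), run_tab(JOB_OPEN_FILE));
    return 0;
}
```

The browser process outlives both the crashing tab and the one that is killed for touching the filesystem, which is the isolation property the article describes.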
"What we feel we can do is raise the bar in security in browsers," said Darin Fisher, a software engineer and Chrome developer at Google. "We think we are raising it fairly steeply by including a sandbox."
Browser security has never been more important. Attackers are increasingly compromising legitimate Web sites with infectious code, or sneaking malicious ads into advertising networks, to spread bot software and data-stealing programs. Last year, computer-security researchers at Stanford University found that $100 could buy enough advertising impressions to potentially infect 100,000 users. In April, security professionals warned that the lack of input validation put Web sites' databases at risk of becoming co-opted by attackers.
Browser makers have taken the threat seriously. Both Mozilla and Opera have released updated versions of their browsers with the ability to blacklist sites hosting malicious code. Microsoft's Internet Explorer 8 will have a similar feature as well as some protection against cross-site scripting attacks and the ability to browse without saving cookies or the history of Web sites visited.
Google's Chrome includes the same anti-malware technology as Mozilla's Firefox and offers a privacy-enhanced browsing feature called Incognito, similar to Microsoft's private browsing mode. Yet other features are missing, said Billy Hoffman, manager of Hewlett-Packard's Web security group.
"They really have no features at all to help users understand the security of the Web sites they are dealing with," Hoffman said. "Their security is focused on protecting the operating system from the application."
Hoffman likes features such as Firefox 3's easy access to more information about the current Web site, including whether the user has visited the site before, whether the site is using encryption, and the ability to view the cookies and passwords stored for the site. Hoffman also likes Microsoft's attempts to protect against cross-site scripting flaws and cross-site request forgery, he said.
Yet, viewed as an incomplete work-in-progress, Google's browser is a good start, said Jeremiah Grossman, chief technology officer for Web security firm White Hat Security. With another company in the browser market focusing on security, the competition will result in better safety for users, he said.
"Competition does good things," Grossman said. "Not only do you get better quality of code and better quality products, but you get more choices in features and more focus on security. Security for security's sake does not get you very far."
Because Chrome is Google's browser, the software will also find itself intensely scrutinized by security researchers, he said. Within 24 hours, flaw finders will have likely found the first security vulnerabilities, Grossman added. (Editor's note: Indeed, in the first day, two researchers found flaws in the software, including a variant of the carpet-bombing attack.)
"Attackers are very clever and researchers are very clever," said Brian Rakowski, product manager for Chrome at Google. "If something does come up, I hope that people judge us by our response."
In the end, whether the browser measures up will depend on its ability to weather the assault of security researchers and the company's ability to deliver on security features as good as, or better than, those found in other browsers. But, for Google, the success of its browser project will not be in taking over the market, but making the products -- including competitors' software -- better, said Rakowski.
"Security is important for the health of the Web in general," he said. "We don't want to compete on those features. We want everyone to adopt them."