Security Protection - Harry Waldron (CS)

Security Best Practices, Breaking News, & Updates

Google Chrome - Only browser to survive recent Pwn2Own contest

Chrome was the only browser to survive the recent Pwn2Own security testing contest.  The code quality, sandbox isolation design, relative newness, and lack of major security testing were all contributing factors. Chrome is also a relatively simple browser lacking many advanced features.  Sometimes less flexibility means less manipulation.

I've been beta testing Chrome since its introduction and like the speed and even the simplicity of design.  Still, based on this test, I'm not going to discard IE8 or Firefox 3, as they offer good defense systems. They have stood up fairly well to constant attacks and they are patched promptly when issues surface.

PERSONAL COMMENTS ON GOOGLE CHROME'S SECURITY

-- The sandbox isolation design is indeed beneficial from a security perspective
-- Chrome is among the newest browsers written from the ground up and avoids a lot of the legacy issues for W/2000 and supporting prior browser versions (like IE has to do for compatibility)
-- Chrome is somewhat untested in-the-wild.  Firefox, IE, Opera, and Safari have been available longer
-- Google has been previously ranked as one of the worst companies when it comes to privacy concerns (e.g., their sharing of IP addresses from searches)
-- Chrome has been patched along the way for security issues.
-- Most likely Chrome has been fuzz tested extensively given Google's extensive resources and the code is probably high quality. 
-- Still "code is code" and no software product is totally invincible
-- A browser can't save users from themselves (so "think before you click")
  

Google Chrome - Only browser to survive recent Pwn2Own contest
http://arstechnica.com/security/news/2009/03/chrome-is-the-only-browser-left-standing-in-pwn2own-contest.ars
http://i.gizmodo.com/5177067/chrome-is-the-last-browser-standing-at-pwn2own-hacking-competition

QUOTE: Only Chrome was able to withstand the first day of the event thanks, in large part, to its innovative sandbox feature

Google Sandbox Design contributed to safety
http://google-chrome-browser.com/new-approach-browser-security-google-chrome-sandbox

 

Comments

Fred said:

"Sandbox" sounds a lot like what DEC was doing with VMS more than twenty years ago.

# March 25, 2009 2:55 PM