Vulnerability Alerts
SANS
 
Microsoft
 
CERT/CC
 
 
 
Latest Comments
"Good! Its very good blog the for the people who are having debit collection and credit report ..."
on Fake Microsoft anti-spyware site stealing credit card info
by identity theft lawyers | Jul 4, 2009 6:55 PM
 
"nothing"
on Ads on Facebook serving up adware
by UMAIR | Jul 4, 2009 5:54 PM
 
"Thank you "
on Search engine promises completely private surfing
by Dr. Holub | Jul 4, 2009 11:17 AM
 
"Agree that wireless hotspots are an easy way for hackers to gather information from connected ..."
on New devices make hotspots a hacker's paradise
by Patrick Hooper | Jul 3, 2009 4:06 AM
 
"Katarzyna what has this got to do with Symantec?? "
on Mobile phone directory service faces consumer uproar
by PaulC | Jul 2, 2009 12:55 PM
Web

Layered security in Google Chrome browser

  • Email a Friend
  • Print Page
Layered security in Google Chrome browser
Related Articles
By Negar Salek
Sep 4, 2008 1:09 PM | 2 Comments
Tags: Chrome | Google | Browser | Internet | safe | sandbox
Google's Chrome web-browser restricts privileges and stops access to ‘bad’ sites in what the company claims is a layered approach to security.
Google's Chrome web-browser restricts privileges and stops access to ‘bad’ sites in what the company claims is a layered approach to security.

During the official beta launch of the company’s inaugural open source browser on Tuesday Google executives said a combination of control mechanisms will ensure browser safety.

“Security typically tends to work in multiple levels,” said Sundar Pichai, VP Product Management at Google via webcast from California to Sydney. “You want a layered security model so if the first [layer] fails, you fall back to the second [layer] and so on; that’s the way we’ve approached security in Chrome.”

Chrome has adopted tab browsing and in its version each tab uses its own processer, so what happens on one tab is not supposed to affect the rest. Chrome’s ‘sandboxing’ also strips away privileges and a program’s capability to write to a hardrive, claimed Google.

Google has admitted that some third party plug-ins render at higher privileges than what Chrome allows and therefore can not yet be sandboxed. According to Google, Plug-ins are rendered in a different processer altogether.

Chrome’s beta version launched on Wednesday in more than 40 languages around the world. Additional security layers include a warning service that alerts users when they come across a site containing malware and phishing sites, using blacklists.

“First of all we try to prevent the user from going to a bad site. We have anti-phishing and anti-malware block listing so if you try to go to a wrong site where we believe you could be compromised we throw a warning and say please don’t go there.

“[Additionally] if the user still bypasses this warning and downloads something, we contain it. We contain it so that if you later close the tab it goes away and can not be read or written to the rest of the system,” said Pichai via webcast.

Lloyd Borrett, marketing manager at internet security company AVG praised Google's attempt to improve browswe security through black lists.

“However, the real problem is that the black list approach is a bit too slow to protect against transient web threats,"said Borrett. Often they’re gone before they’re recorded on the blacklists and so by the time they get on the black lists they’re not a problem anymore.”

 
Ads by Google
Thoughts on this article? Add a comment below.
Comments: 2
It's great that Google have recognised that security needs to be an important consideration with browsers. It's a shame that this beta of Chrome shows that they haven't been thorough enough about it to fix known security problems with the toolkits they've built Chrome on. But it's a beta version and no doubt these issues will be addressed with the release version. (But then again, some Google products seem to remain as beta versions forever!) It's also great that Google is acknowledging the need to keep ahead of the bad guys and their rapidly evolving ways of using exploits, social engineering and other web-borne threats to harm users. The inclusion of the malware and phishing blacklists in Google Chrome is a step in the right direction. Google state that the software checks a URL against their blacklist databases of web pages/sites that are known to have delivered malware and phishing attacks in the past. Of course, that approach is mostly too slow to protect against transient threats, and most online threats today are highly transient. The bad guys register and invoke domains, or put their exploit payloads onto legitimate web sites they've been able to poison, for just the few days they'll be able to fly under the radar and not make it onto blacklists. The bad guys either shut the exploit down before making it onto the blacklists, or very soon after. So often these days, the threat is gone before it can be recorded into the blacklists. Worse, at least for the operators of legitimate sites that have been compromised, when the threats are detected and the sites added to the blacklists, the sites show up as infected even after the threats are gone. AVG believes the best approach is real-time scanning that inspects each web page for exploits right when the user clicks on the link to visit it. That's the approach the AVG LinkScanner technology uses. This real-time scanning functionality is more effective against transient threats. The safe surf AVG LinkScanner Active Surf-Shield module in all paid AVG products does real-time scanning to detect infected and potentially-infected content as you browse the web. This real-time approach delivers the maximum protection simply not able to be provided by blacklists. Best Regards, Lloyd Borrett Marketing Manager, AVG (AU/NZ) www.avg.com.au
SC Magazine - comments icon Posted by Lloyd BorrettSep 5, 2008 11:53 AM
hi.. i like google chrome. I need to know if in future, google is willing to upgrade google chrome to work completely n efficiently with MSN IE and/or ANTI VIRUS PROTECTION free avg version..?
SC Magazine - comments icon Posted by george sSep 7, 2008 1:52 AM
Report this comment as offensive:

   * Indicates information we require to process your submission.

Name: *
Email: *
Reason for offense: *
Your report will not be displayed.  
Name:
*
 
Email:
(will not be displayed)
*
 
Comment:
(HTML not permitted)
*
 
Validation
*

Enter the code you see below:

 

 
 
 
 
 
Exclusive Data Centre - Sponsored Content by Microsoft
 
Vulnerabilities & Exploits Whitepapers
 
Popular Tags
apple browser censorship chrome crashing explorer filtering flaws google government internet malware microsoft patch privacy safari security updates vulnerabilities web