ie8 fix
madison

Zero Day

Ryan Naraine, Emil Protalinski and Dancho Danchev
Home / News & Blogs / Zero Day

Security-wise, Google Chrome is (potentially very) Good

By | September 2, 2008, 4:11pm PDT

Summary: Security bloggers are already commenting on Google’s slightly premature “Chrome” browser leak. Built on top of the Apple sponsored WebKit engine, the browser offers several security features that we have only seen so far in the beta releases of IE8. The most interesting feature discussed so far is the strict memory separation afforded by the technology, [...]

Security bloggers are already commenting on Google’s slightly premature “Chrome” browser leak. Built on top of the Apple sponsored WebKit engine, the browser offers several security features that we have only seen so far in the beta releases of IE8.

The most interesting feature discussed so far is the strict memory separation afforded by the technology, where each web application will operate in its own memory space with its own virtual machine for code execution. Keep in mind that modern browsers are practically primitive operating systems unto themselves. They handle asynchronous network traffic, user input, data rendering, and code execution. Modern operating systems, say, anything created in the past 25 years, implement dozens of technologies that allow for the safe execution of multiple processes simultaneously, such as individual memory spaces for each application. This feature, for example, helps prevent the crash of one application from taking down the entire system by not allowing applications to corrupt each other’s memory spaces.

Currently, browsers still operate as single applications inhabiting a single process space, and devote a significant portion of their codebase to keeping individual webapps separate from stepping on one another. The Chrome philosophy appears to be more akin to not reinventing the wheel, where the full-set of operating system process separation features are used rather than rebuilding them inside the browser.

As more and more applications move from the desktop, an environment that provides some means of process isolation, to an environment where one application can inadvertently take down another, the user experience will move from one of relative stability and security to one without. In many ways, Google’s Chrome technology is the next necessary step in the movement away from desktop applications to everything being delivered as a service.

Kick off your day with ZDNet's daily e-mail newsletter. It's the freshest tech news and opinion, served hot. Get it.

More from “Zero Day”

Topics

Security, Google Inc., Application, Web Browser, Security Blogger, Chrome Philosophy, Web Browsers, Internet, Adam O\'Donnell

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000.

Disclosure

Adam O'Donnell

Adam J. O’Donnell currently works for Cloudmark, a messaging security company whose clients include the majority of the Tier 1 customer-facing service providers as well as mobile carriers and social networks. He serves on the advisory committee for the SOURCE Security Conference, as well as several conference technical program committees. Many of his close friends work in the security industry, and he will disclose those relationships as he deems it necessary.

Biography

Adam O'Donnell

Adam J. O'Donnell, Ph.D. is an R&D engineer who has focused on computer security since 2000. He currently is the Director of Emerging Technologies at Cloudmark, a messaging security company located in San Francisco.

Adam early on mastered the art of writing in complete sentences, using both hands and one foot. Later, he learned to do so with each individually. After fourteen years of apprenticeship in the mist-covered hills of central Nepal, Dr. O'Donnell emerged an unparalleled digital warrior and in desperate need of a anti-fungal wash.

Approaching both life and enterprise security with the verve of a particular capuchin, he is respected the world over as an observer of all he sees. Adam's dry blade of analysis will sever the hard candy shell surrounding most technical security concepts, and significantly goo-ify the remaining so as to be consumable in small bites with sufficiently large servings of digestive aids. Just what the doctor ordered.

Related Discussions on TechRepublic

Did you know you can take part in these discussions with your ZDNet membership?
Ask a Question Start a Discussion
18
Comments
Add Your Opinion

Join the conversation!

Just In

Of course, the alternative is...
jasonp@... 4th Sep 2008
for every individual and company in the world to hire
their own IT staff complete with infrastructure and
development staff. Everybody could develop their own
personal Internet where nobody ever shares data or
services. I think we tried that once, back when we
were still living in caves. It didn't take long to
realize that working together was much more productive
than working apart. Do you lose some control when
working with others? Of course. But that loss of
control is all too often overshadowed by better
results. Sometimes results matter more than claiming
to have control.
View in thread
0 Votes
+ -
Heres Download Link.
VONDRASHEK@... 2nd Sep 2008
Actually you'd be impressed by Pogo browser from AT&T much more, yet heres link:


http://www.google.com/chrome

Signed:PHYSICIAN THOMAS STEWART VON DRASHEK M.D.
0 Votes
+ -
The only problem there, Adam
John Zern 2nd Sep 2008
away from desktop applications to everything being delivered as a service.

The major problem is that you sign away control of you data the day everything is delivered as a service.
0 Votes
+ -
No, and when you put your money in the bank, you do not lose control either
DonnieBoy 2nd Sep 2008
NT.
0 Votes
+ -
No you don't
wackoae 2nd Sep 2008
When you open a bank account, you sign a contract where you are to follow some rules, and agree to pay a fee when the rules are not followed. In exchange you get a "safe" for you money.

Your decision, your control.

If you don't like the rules, you can take 100% of the money to another bank with better rules.

You loose no control over nothing.
0 Votes
+ -
Only if encrypted
alecco 3rd Sep 2008
You loose control of who has the information, at least. Governments, spammers, botnets, they all want it.
0 Votes
+ -
yes and no
Al_nyc 3rd Sep 2008
You don't lose full control, but you do lose some control. Money in bank accounts can be frozen. If
it is really imporant data, it is best to not rely on a
service run by someone else.
0 Votes
+ -
ever hear of the great depression?
fritzendugan@... 3rd Sep 2008
Everybody rushed to the banks to withdraw their money,
but it wasn't there.

I think we may just see something similar on the
internet within the near future...
0 Votes
+ -
Of course, the alternative is...
jasonp@... 4th Sep 2008
for every individual and company in the world to hire
their own IT staff complete with infrastructure and
development staff. Everybody could develop their own
personal Internet where nobody ever shares data or
services. I think we tried that once, back when we
were still living in caves. It didn't take long to
realize that working together was much more productive
than working apart. Do you lose some control when
working with others? Of course. But that loss of
control is all too often overshadowed by better
results. Sometimes results matter more than claiming
to have control.
0 Votes
+ -
Major security flaw
drorharari 2nd Sep 2008
Chrome's lack of a master password to
protect saved passwords is a big flaw
in my book. This way, if I stored
passwords and someone gets access to
my disk, they get access to the stored
passwords...
0 Votes
+ -
RE: Security-wise, Google Chrome is (potentially very) Good
karnok.d@... 3rd Sep 2008
Wow, it has permanent DEP enabled.
0 Votes
+ -
RE: Security-wise, Google Chrome is (potentially very) Good
johnsmithbitter 3rd Sep 2008
"Google???s Chrome technology is the next necessary step in the movement away from desktop applications to everything being delivered as a service"

This hits the strategic nail in on the head.

Chrome will undermine Microsoft at it's base. Move the apps, and the OS will fall, and down will come Microsoft, Windows and all. So how long before Microsoft tries to buy Amazon?

In the tactical timescale, no biggie, although Firefox will probably bear the brunt.
0 Votes
+ -
Everything?
CobraA1 3rd Sep 2008
"Google???s Chrome technology is the next necessary step
in the movement away from desktop applications to
everything being delivered as a service."

Everything? A mixed environment is fine with me, but
do we really need "everything" to move to services?
0 Votes
+ -
Remember you couldn't even surf with IE when it came out
Randalllind 3rd Sep 2008
I hate the tabs above the address bar but it is fast.
0 Votes
+ -
Very flawed browser
kyron.gustafson@... 3rd Sep 2008
Based on an outdated version of Safari with unpatched security flaws (carpet bombing). Yeh, this is just what the world needs.
0 Votes
+ -
RE: Security-wise, Google Chrome is (potentially very) Good
Loverock Davidson 3rd Sep 2008
The key word here is potentially but since its Google they have ways of screwing up security like no other company. I wouldn't trust them with my info, much less have a browser that will read everything I type and send it to them.
0 Votes
+ -
RE: Security-wise, Google Chrome is (potentially very) Good
hddrummer1@... 3rd Sep 2008
With over 24 hours of use on a powerful laptop running
Vista, Google Chrome is the fastest browser I have
ever used. I have run through as many sites as
possible and downloaded numerous apps without a single
flaw, crash, intrusion etc. We have dealt with
security issues with IE for years and I don't care
what new browser surfaces, there will "always" be
something for the community to gripe about. IMO
"Google Chrome is a breath of fresh air" and I bet
after folks use it awhile to it's fullest in features
they will be loving it as I am. Tabs are awesome and
recent page visit feature is great! If security is
your personal issue, don't surf the net like an idiot
and download files from unfamiliar entities and you
won't have any issues. KUDOS to the Google Chrome
developers!
0 Votes
+ -
RE: Security-wise, Google Chrome is (potentially very) Good
Romano4444 4th Sep 2008
I like Google ideas, but why this Chrome is best than, f.e., Opera the best and the only one with email client? Let's say that you open a site 1 sec early and the others. What you'll make with this second?
0 Votes
+ -
RE: Security-wise, Google Chrome is (potentially very) Good
Homealone 4th Sep 2008
Google has been noted to be one of the worst sites for advertisements and selling or passing on your information. Do we want to trust them with your important information. I like the idea of a new browser and i`m not concerned about the security flaw, it will be fixed but access to information is a concern.

Join the conversation!

Formatting +
BB Codes - Note: HTML is not supported in forums
  • [b] Bold [/b]
  • [i] Italic [/i]
  • [u] Underline [/u]
  • [s] Strikethrough [/s]
  • [q] "Quote" [/q]
  • [ol][*] 1. Ordered List [/ol]
  • [ul][*] · Unordered List [/ul]
  • [pre] Preformat [/pre]
  • [quote] "Blockquote" [/quote]
ie8 fix
Click Here
ie8 fix

The best of ZDNet, delivered

ZDNet Newsletters

Get the best of ZDNet delivered straight to your inbox

Facebook Activity

Blog Roll

Blog Archive

White Papers, Webcasts, & Resources
ie8 fix
ie8 fix