Wednesday, September 3, 2008

Google's new Web Browser - Google Chrome

The news of Google's official release of the new browser, Google Chrome is making waves everywhere and grabbed a lot of attention! Google, the search engine giant, has spread its tentacles in the Browser industry too! When asked to comment on this, Mozilla's chief executive, John Lilly replied that it wasn't surprizing that Google had made its entry into the Browser domain and he'd have been more surprized if it hadn't made its entry into Browser development!

Curious to know how the interface and working of the browser is, I downloaded and installed it only to find out that the interface is as clean and simple as its home page. :)

The other added features which makes it special are: Minimal Interface, Stability, Minimal interference by Download popups, Better Performance, Private browsing (The incognito mode), Dynamic Tabs and the list goes on! :)

Google's new browser, Chrome, has the following security features too:

 Site blacklists to protect against malware and phishing


A privacy mode (Incognito) to erase tracks of user activity.

A thorough Clear Browsing Data dialog box.

But the really innovative feature in Chrome is the way Google has built the browser's rendering engine to run in a sandbox! Each Browser tab is an isolated process running with limited capabilities. This means that if a malicious application were to run, it could not crash, interfere with or impede the others running in tabs! It also means that the app cannot do things, like write to the file system that could make the malicious app persistent.

But unfortunately, there are already demonstrable holes in the sandbox. Chrome, for example, has already been demonstrated to be vulnerable to the Apple Safari "Carpet Bombing" vulnerability. The new version of the attack drops files in the Chrome download folder; the user would have to be persuaded to run them via a social engineering attack. This may or may not be practical, but the sandbox did fail.

Why did it fail? Because Chrome is built on open source code from other platforms, including Apple's WebKit. Google specifically used a version of WebKit prior to the fix for the Carpet Bombing bug. Par for the course with some open source projects.

Already, Google Chrome has reportedly taken up 3% of the Browser market share. After resolving these vulnerabilities, it will emerge as the world leader in the Browser industry just as it achieved cult status in the search engine domain!!

No comments: