Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Security Businesses Google The Internet

A Closer Look At Chromium and Browser Security 109

GhostX9 writes "Tom's Hardware's continuing series on computing security has an interview with Adam Barth and Collin Jackson, members of Stanford University's Web Security Group and members of the team that developed Chromium, the open-source core behind Google Chrome. The interview goes into detail regarding the sandboxing approach unique to Chromium, comparisons between the browser and its competition, and web security in general."
This discussion has been archived. No new comments can be posted.

A Closer Look At Chromium and Browser Security

Comments Filter:
  • Good (Score:4, Insightful)

    by maz2331 ( 1104901 ) on Friday April 17, 2009 @09:29PM (#27623109)

    These are all great ideas, and I hope Firefox and/or MSIE pick up on them, simply because I can't stand the Chrome UI.

    Sorry, but that thing just isn't what a browser is supposed to be.

    The uhderlying technology can be the greatest ever, but if the interface sucks, well, I won't use it.

    • Re:Good (Score:5, Informative)

      by mhousser ( 1359089 ) on Friday April 17, 2009 @09:42PM (#27623177)
      I love the interface! What I don't love, however, are the millions of ads that I forgot existed. I'll move to Chrome the minute it supports plugins and AdBlocker is ported to it. Chrome's plugin API will be finished later this year.
      • Re:Good (Score:5, Informative)

        by Anonymous Coward on Friday April 17, 2009 @09:52PM (#27623227)

        It supports greasemonkey scripts if you append --enable-user-scripts to its shortcut. And theres a script for it that works exactly like adblock.

        • by Jurily ( 900488 )

          It supports greasemonkey scripts if you append --enable-user-scripts to its shortcut.

          And now you have two problems.

        • Re: (Score:1, Insightful)

          by malkir ( 1031750 )
          So you're just going to open a huge security hole in the process? You shouldn't have to sacrifice!
          • by julesh ( 229690 )

            So you're just going to open a huge security hole in the process? You shouldn't have to sacrifice!

            OK, let's here it: why is user scripting a security hole?

            • Re:Good (Score:4, Informative)

              by asdf7890 ( 1518587 ) on Saturday April 18, 2009 @08:52AM (#27626197)

              OK, let's here it: why is user scripting a security hole?

              With early versions of GreaseMonkey, the way the user scripts were applied to pages would allow the page to affect easily the GM in ways that could lead to cross-site attack vectors.

              That is why GM had a fairly complete redesign around the middle of 2005, remove the issue(s) that affected all scripts, but individual scripts can still be vulnerable depending on their design - hence you should be careful not to let a script apply globally for security reasons as well as efficiency ones. For a decent description of the problems with earlier GM versions and problems that you can still create for yourself in the latest versions, this article [oreillynet.com] does a decent job.

              The other major problem with user scripting is using scripts from other sources without performing an exhaustive code review first. How do you know that the script you have just enabled isn't subject to one of the flaws? How do you know it isn't intentionally malicious? There have been several cases of this in the past, hence the warning message before you add a script to GM in recent versions and the warning message that appeared on userscipts.org for some time (as malicious scripts were found in their archive).

              Like many things, user scripting isn't a problem if both programmers and users are educated, careful and care. There lies the problem.

              I use GM myself, with scripts of my own devising or those from elsewhere that I have sufficiently reviewed, but I would not recommend it (or equivalents) to the general populous as they do not need any further ways to dig themselves into a malware riddled hole.

      • Re: (Score:2, Insightful)

        by Genocaust ( 1031046 )
        I like others, also love the UI. It took some getting used to over Firefox, but I do like the clean look of being able to focus on actual content -- not the browser itself.
        As to Adblock, yeah, wow, there are a lot of ads out there I didn't even know existed! Using OpenDNS I manage to block most of them just by domain through their blacklist service, though. It's not perfect, but better than nothing for now!
        • Re: (Score:1, Interesting)

          by Anonymous Coward

          There are 2 features of chrome that have annoyed me to the point of recently switching back to Firefox.

          1. When you scroll it scrolls like half a page at a time, rather than 3 lines at a time like every other browser. There is a setting in windows for how many lines an app should scroll when you scroll the mouse - why doesn't chrome follow this?

          2. Also have you noticed that when you close chrome, any downloads get cancelled and there's no way to resume them without restarting the download. And the only way

      • by blahbooboo ( 839709 ) on Friday April 17, 2009 @09:54PM (#27623239)

        Srware Iron is Chrome compiled without all the Google spyware crap and it has adblock built in.

        I LOVE IT! Firefox (all versions) is sooooo slow compared to Chrome/Iron.

        http://www.srware.net/en/software_srware_iron.php [srware.net]

        • Re: (Score:1, Insightful)

          by Anonymous Coward

          I just used that, went to the Slashdot Home page and began scrolling up and down, which made my computer lagged. CPU usage spiked heaps.

          It's a good idea, and I hope they can improve it, but for now, it's not as good.

          So alas I will continue to run both Chrome (for gmail and gcal) and FireFox (for everything else).

          • I just used that, went to the Slashdot Home page and began scrolling up and down, which made my computer lagged. CPU usage spiked heaps.

            It's a good idea, and I hope they can improve it, but for now, it's not as good.

            So alas I will continue to run both Chrome (for gmail and gcal) and FireFox (for everything else).

            Weird, works perfectly for me.

          • This actually happens to me using FireFox - though perhaps due to the computer having a decent processor (Core 2 Duo) it is fast enough that it isn't a bother.
        • by sortius_nod ( 1080919 ) on Friday April 17, 2009 @10:57PM (#27623525) Homepage

          So what about its adblock, the thing doesn't render pages correctly. From what I can tell it is a badly compiled version of chrome.

          When they get it right, then I might think about using it... uninstall time.

          • Re: (Score:3, Interesting)

            by blahbooboo ( 839709 )

            So what about its adblock, the thing doesn't render pages correctly. From what I can tell it is a badly compiled version of chrome.

            When they get it right, then I might think about using it... uninstall time.

            I get some weird font smoothing occassionally on Slashdot, otherwise works perfectly for me. It's so blazing fast when I go back to Firefox I am shocked how agonizingly slow the browser is to render pages...

            • Are you using the current version 3.08, i think? I've tested it on my two computers & I honestly can't see a difference. I had to load js animations at chromeexperiments to see a difference.
              • Using the 3.1b3 firefox. Pages are instantly rendered in Chrome, Firefox takes forever. I see this on multiple computers.

                Javascript performance doesn't matter, its the engine rendering speed that is the differentiator.

        • by msimm ( 580077 )
          I'm sure this has been pointed out else where, but thanks for the tip. It's a nice browser without the crap.
        • Re: (Score:3, Insightful)

          by mcrbids ( 148650 )

          rware Iron is Chrome compiled without all the Google spyware crap and it has adblock built in.

          Unfortunately, they don't have a download in RPM or source form, so I can't install it on my Fedora Core 10 laptop.

          Without *nix support, Chrome(ium) is a non-starter.

      • Re:Good (Score:4, Informative)

        by cryptoluddite ( 658517 ) on Friday April 17, 2009 @10:01PM (#27623283)

        Chromifox [mozilla.org] makes firefox look a lot like Chrome. Chrome is a nice toy, but it's UI is pretty lacking when you want to do something like maximize screen space on a 1024x600 screen.

        • by Anpheus ( 908711 )

          F11.

          It works on Chrome's Dev branch, which any self-respecting slashdotter would use to provide useful feedback to the developers of Chrome.

          • In firefox I can go full screen, but still keep the URL bar, so I know what site I'm on. I can get a menu bar by pressing Alt once. I can put the NoScript button on the URL bar. I can even put a button to toggle fullscreen, since it's often easier to trackpad to a button than find F11 on a small non-backlit keyboard. Or firefox can drop down this UI when the cursor is at the top.

            Chrome can do none of these things, even in the current beta version. The UI in many ways is restrictive and lacks many nicet

      • Re: (Score:3, Informative)

        There is actually something handy called AdSweep [adsweep.org] that works with Chrome, but it's not regex based like Adblockplus so it seems to only work on sites that are built into it. It's better than nothing, I guess, but there are still about 300 other things that Firefox does for me that Chrome is far from doing, and a lot of them hinge on a good extension platform. I just don't think it can get better than XUL/js for extension writing.
      • Re: (Score:3, Interesting)

        by PopeRatzo ( 965947 ) *

        Maybe instead of complaining about a browser that displays ads, you might want to stop visiting websites that have intrusive and overwhelming ads.

        I use Slashdot and Chrome and don't see any ads because I'm a subscriber, but even if I wasn't, the low number of ads here is one reason I like it.

      • Re: (Score:3, Informative)

        by cbrocious ( 764766 )
        If you use Privoxy [privoxy.org], the majority of those ads will go away, and you can do custom filtering for fun and profit easily.
      • Get bfilter, you can run it with adblock filters, stops 98% of ads.
      • by dave420 ( 699308 )
        Don't visit sites with adverts, and you're set. But I guess you think it's fine to visit sites that you want to visit, and not have to see adverts which pay for the content you clearly want. Lovely.
      • Why would a company who makes most its profit on ads willingly allow users of its browser to subvert its main source of money?
      • I love the interface! What I don't love, however, are the millions of ads that I forgot existed. I'll move to Chrome the minute it supports plugins and AdBlocker is ported to it. Chrome's plugin API will be finished later this year.

        Just use privoxy http://www.privoxy.org/ [privoxy.org] Works great and you can configure it quite easily to block just what you want blocked. It will do the same for IE if for some strange reason you want to use that POS.

    • Um... this is an opinion that many other people definitely do not share. I for one love the ability to focus on the web content, rather than the mess of toolbars to be found on other browsers.

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      The uhderlying technology can be the greatest ever, but if the interface sucks, well, I won't use it.

      That describes in a nutshell why OS/2 never caught on big.

      • by drolli ( 522659 )

        Insightful? The OS/2 interface was extremely consistent and extremely configurable. e.g. make a template for a file which containe certain context menu options. etc...

      • Re: (Score:2, Interesting)

        by Anonymous Coward
        I've always felt that the OS/2 UI was far superior to the Windows versions of the time (3.x/95). Heck, it makes more sense to me then Windows Vista/7 does.
        • by anss123 ( 985305 )
          I tried OS/2 Warp4 recently and hated it. The whole menu bar on top is cluttered, glad it never caught on.
      • "That describes in a nutshell why OS/2 never caught on big"

        Yea, OS/2 Warp [os2bbs.com] never came near to matching Windows 95 [google.com] in GUI functionality.
    • I agree the interface is lacking, but that is why I can whole heartedly recommend it to all my novice friends and family. It is secure, it is simple, and it does exactly what people who know little about computers want to do - get online and go to a specific web site.

      Gmail is also great. Simple, secure, and uncluttered. Create an app icon and add it to the start menu, and you have a very simple email solution. The only problem I have though is their grouping of threads, which is unnecessary. That should be

      • Re: (Score:2, Informative)

        by voidphoenix ( 710468 )

        Gmail is also great. Simple, secure, and uncluttered. Create an app icon and add it to the start menu, and you have a very simple email solution. The only problem I have though is their grouping of threads, which is unnecessary. That should be a lab feature if any. And why can't they just add folders? Who cares which is better. Some people just want folders, not labels, and if its so easy to give it to them, denying it is selfish. Just give it up, and give people what they want!

        Labels can work _exactly_ like folders if that's all you want. The main difference is that a message can be in more than one "folder" if you need it to be.

        • Right. Except such explaining and adjusting is precisely what is inconvenient to someone who already learned how to use folders over a long period of time, and isn't very competent with computers.

          Labels can work _exactly_ like folders if that's all you want. The main difference is that a message can be in more than one "folder" if you need it to be.

          You might be surprised at how hard this sentence is for some people to comprehend.

        • by lgw ( 121541 )

          Labels can work _exactly_ like folders if that's all you want.

          You can use labels in GMail to create subfolders? How do you do that?

    • Re:Good (Score:4, Interesting)

      by similar_name ( 1164087 ) on Friday April 17, 2009 @11:53PM (#27623785)
      My biggest complaint about the interface is it unnecessarily creates its own window/title bar. As such I can't use RBtray on it to keep Chrome windows 'always on top'. Which I like to do so I can stick a hulu window in the corner of my screen while I'm browsing.
    • Re: (Score:1, Interesting)

      by Anonymous Coward

      For the majority of browser security as of late, JavaScript seems to be the culprit of causing malware to even professional IT people due to browsing habits and such. Chrome will and had made this far worse by not allowing a user to pick web scripts to run. I use Firefox with NoScript addon, which gives options to enable JavaScript individually on page or by an icon that reveals all sites with scripts. Since this has eliminated virtually all browser vulnerabilities (except for user stupidity), I dislike all

    • by weicco ( 645927 )

      I read Playing in the sandbox - page and I really don't see what is so great in there compared to IE on Vista. Same NTFS Access Control Lists are used as any other Windows application. And I'm not 100% sure about this, but doesn't Chrome run on user privileges when IE (on Vista) uses more restricted privileges?

      My understanding is that you can't totally sandbox browser unless you do it on kernel level like FreeBSD jail does. And even then browser must be able to access user files if user wants to upload some

      • Re: (Score:3, Interesting)

        by Bert64 ( 520050 )

        I used to run a browser in a chroot on linux, partly because i had a 64bit system but needed some 32bit plugins (java, flash) and partly for the security benefit...
        In terms of user files, you simply leave them in the sandbox, the host system can access the sandbox but the sandbox can't access the host which is how it should be.

        • by weicco ( 645927 )

          Hi. Thanks for the reply. I'm not really familiar with sandboxing technology and your reply cleared things up a bit.

          But still if we go back to Windows (I don't know much about *nis OSes) even if you are running in the sandbox, you would able to use Win32 API, right? Now if you are running browser with user credentials, like Chrome/Chromium does, you are able to access plenty of stuff through Win32 API. This, of course, would need a sophisticated attack but in theory I think it is possible. Now even if you a

      • Since Chrome was the only browser left standing in the Pwn2Own contest, i think its pretty obvious that their sandboxing is vastly superior to IE.
      • Re: (Score:1, Informative)

        by Anonymous Coward

        Chrome's superior safety comes from the independence between tabs :

        - Each tab is a separate process (i.e no memory sharing with other tabs)
        - Each tab runs it's own copy of JavaScript

        The process-per-tab design also has the major advantage that if one web site is slow or hanging it won't affect the other tabs at all as it does in most other browsers where the whole browser can lock up while a slow page is loading.

    • Firefox won't pick up on those ideas in the foreseable future, perhaps never. I hope you enjoy your IE experience!

      (for the record, I think the Crhome UI is excellent. Nothing superfluous, and rather pleasant to look at)

  • by Anonymous Coward on Friday April 17, 2009 @10:03PM (#27623299)
    When I go to the main google page in IE 8, it has this huge icon telling me to use Chrome in the top right corner. When I go there in FF, its not there. Is google singling out IE users?
    • by Tacvek ( 948259 ) on Friday April 17, 2009 @10:19PM (#27623367) Journal

      Perhaps. My guess is they have logic like the following:

      If you use Firefox, you probably already have heard about Chrome, and have decided not to switch. If you use IE, you probably have no idea that other browsers even exist, but you may know and like Google, so would be willing to give this Chrome thing a try.

      • by Anonymous Coward on Friday April 17, 2009 @11:23PM (#27623645)

        Or maybe they just wrote the page such that standards-compliant browsers won't show the advert.

        • That would be good marketing though...

          As only the people with crappy browsers like IE would have their experiences improved by switching, while those with browsers that follow the rules probably already have satisfied users who would be meh about leaping from one cloud to another.

          • by dm89 ( 1462073 )
            Google promoting Chrome over IE because of standards compliance makes no sense, since Google's home page [w3.org] is not standards compliant
      • by trazan ( 667537 )
        Probably. And you're likely to be more open to the idea of installing a new browser if you're using IE8 (since you just did so) compared to IE6 & 7.
    • Could be another battle in Google's big middle finger crusade pointed at Microsoft.
    • Re: (Score:2, Insightful)

      by Anonymous Coward

      Of course they are!

      Firefox has the "Tell me if the site I'm visiting is a suspected attack site" option checked by default. (Tools --> Options --> Security) This option sends every site one visits to Google for verification, so Google is already getting a complete history of each site visited for FF users. [IE sends this information to Microsoft.]

      Thus, Google has more incentive to switch an IE user to Chrome than a FF user.

      • by Anonymous Coward on Saturday April 18, 2009 @04:10AM (#27624757)

        I am sorry but that's incorrect. Firefox uses a local database of suspicious URLs that is updated every 30 min. URLs are never send to Google, Google sends suspicious URLs to Firefox.

        The functionality you describe was optional in older versions of Firefox (to eliminate the max 30 min. delay for ultra paranoid people) but was removed on request of Google because it caused them too much load.

    • Actually google did issue a press release saying that they did not want to encroach upon firefox's market and that it was IE that they had their sights set on. It WAS a press release so read into that what you will. Firefox and Google do make a lot of money for each other so it may be more of a financial thing than a "do no evil" thing. I don't want to speculate, could be a bit from column A and a bit from column B.
    • It's interesting that they are attacking IE8 and not just IE6 & 7. They had good technical arguments for attacking IE6. IE7 somewhat, but almost none for IE8. This brings them 1 step closer to getting into monopolist problems with Chrome - they can hardly go to town claiming Microsoft is pushing IE unfairly on Windows when they themselves are cross-fertilizing their own browser from their search business.

      • Re: (Score:2, Interesting)

        by Bert64 ( 520050 )

        IE8 may be a significant improvement from 7, but it is still massively behind other browsers... It has no SVG support, it's javascript engine is still massively behind the other browsers (javascript is very important for google) and it's css support while a big improvement is still behind other browsers...
        Also, doesn't IE8 require you to insert a non standard tag into your site in order to make it attempt to follow standards?

    • by Bert64 ( 520050 )

      IE is a browser controlled by a company that competes with google's profitable business areas, and is used by that competitor to drive traffic to it's services which compete with google...
      Firefox is not a competitor, google make no money from chrome, they just want users to be running a browser that defaults to google, which firefox also does. I imagine they also want users to be running standards compliant browsers, as it makes life much easier for them to write apps for them.

    • by Dan541 ( 1032000 )

      It's because IE users don't know any better. Firefox users are not going to switch to something else, at least not easily.

      • by gollito ( 980620 )
        Not true. I did. Firefox has gotten bloated and takes forever to even startup (I only have 1-2 plugins installed). Chrome is wicked fast.
        • by Dan541 ( 1032000 )

          To be honest I have noticed a slowdown when launching firefox, I only reboot once a month so I wasn't sure if I was just imagining it.

    • by Froqen ( 36822 )

      > Is google singling out IE users?

      Firefox defaults to google's search, IE doesn't (at least until the OEM gets paid).

  • by JavaManJim ( 946878 ) on Friday April 17, 2009 @11:57PM (#27623807)

    I like Chrome's Home Page web thumbprints.

    I dislike that I cannot control these. For example right now, I have two timesonline.uk up. Permanently it seems. The "tool" icon does not allow Home Page editing. It should.

    So,
    A. If anyone out there can enlighten me on how to adjust Home Page icons. Go ahead.
    B. If not Chrome developers, are you listening? Add web page adjustments to the Home Page. Pretty please?

    Thanks

    • Re: (Score:2, Informative)

      by Anonymous Coward

      The current dev branch of chrome just added support for adjusting thumbnails of new pages.

  • I've found that firefox just doesn't live up to what chrome gives me. It's a simpler interface, doesn't crash (very often) and is fast. I also love the most visited pages feature ready for you when a new tab is opened. I'm a heavy duty linux user but I won't switch to linux on my little laptop until there is a stable chrome implementation for it. And generally, I hate windows.
    • by A12m0v ( 1315511 )

      Hopefully this Summer we'll see a stable release of Google Chrome for Mac OS X and GNU/Linux

  • Sandboxing is NOT unique to Chrome. IE7 has been sandboxed in Vista since launch.
    • Re: (Score:2, Informative)

      by downix ( 84795 )

      Have you read the article, where he discusses IE7, IE8, Firefox and Safari's own sandboxing techniques for comparison to Chromes?

  • Is this version of portable chrome [portableapps.com] legimite. I do know it tries to go online and write to my system, strange for a portable app ...
  • What's unique about the sandboxing in Chrome. Doesn't IE8 do the same?

  • When I use Chrome, I cannot open some websites. Possibly, I should change settings, but I still think it need to improve a lot.

It is clear that the individual who persecutes a man, his brother, because he is not of the same opinion, is a monster. - Voltaire

Working...