Google Chrome Puts Security in a Sandbox

December 11, 2008 – 9:01 PM

The Google Chrome browser is no longer a beta and has been outfitted with a coat of security armor that Google hopes will both protect users and help Chrome compete with rival browsers.

The toughest piece of that armor involves sandboxing. In Chrome, HTML rendering and JavaScript execution are isolated in their own class of processes. Running each tab in Chrome in a sandbox allows Web applications to be launched in their own browser windows without the ability to read files from, or write files to, sensitive areas. Plug-ins run in separate processes that communicate with the renderer.

“I think Google was very proactive in terms of what we’ve been doing around trying to help prevent users from being infected with malware,” said Ian Fette, security product manager for Google. “On the Web browser, we’re trying to do everything we can to make sure that users are not becoming affected with malware, and a big part of that is the sandboxing technology.”

Calling it a second level of defense, he said the technology is designed to prevent malware from persisting even if there is a flaw in the code that would lead to the Web browser being compromised.

“It’s designed to prevent malware from getting installed on the system, from being able to start again when you close the browser and restart the computer; it’s designed to help prevent malware from being able to read files on your file system … it’s really a defense-in-depth mechanism,” Fette explained.

