Google Site Search


Wednesday, September 17, 2008

Security in Google Chrome

At the Oasis Security Forum in London in 2 weeks, Opera Browser Chief Security Architect, Yngve is going to be making a presentation on "Modern Browser Security". I am looking forward to Yngve's presentation. The Green Tool Bar (via EV Certs) is certainly a nice feature, except that it does not guarantee total security. Remember the authenticity of the website is guaranteed by the EV cert but there is no guarantee what the web content does. :(

Since the major players in the browser makers have put in a lot of emphasis on security, it is important to see the security features in the new browser from Google called "Google Chrome".

1) Privacy Mode
Chrome has a privacy mode; Google says you can create an “incognito” window “and nothing that occurs in that window is ever logged on your computer.” The latest version of Internet Explorer calls this InPrivate. Google’s use-case for when you might want to use the “incognito” feature is e.g. to keep a surprise gift a secret.

2)Web apps can be launched in their own browser window without address bar and toolbar.

3) To fight malware and phishing attempts, Chrome is constantly downloading lists of harmful sites. Google also promises that whatever runs in a tab is sandboxed so that it won’t affect your machine and can be safely closed. Plugins the user installed may escape this security model, Google admits.

For more info, look at this blog entry at blogoscoped.

Apart from the Privacy mode, I think the modern browsers are making an honest effort at fighting phishing and malware.


Pat R said...

it's funny, the more i use Chrome, the more unstable it seems to get; it crashes a lot more, can't handle sites with flash, hangs every time i close a tab... all that to say, i'm switching back to Firefox

Anil Saldanha said...

Hey Patrick, thanks for the comment.

I guess Chrome is new and has a long way to stabilize itself (still waiting for Chrome on Linux). I have never left firefox. :)

What would be interesting is to track the exodus of users to Chrome.