DOI: 10.1145/1536616.1536634
Article development led by queue.acm.org
Browser Security: Lessons from Google Chrome
To shield the browser from attacks, Google Chrome developers eyed three key problems.
By Charles Reis, Adam Barth, and Carlos Pizano
The Web has become one of the primary ways people
interact with their computers, connecting people
with a diverse landscape of content, services, and
applications. Users can find new and interesting
content on the Web easily, but this presents a security
challenge: malicious Web site operators can attack
users through their Web browsers.
Browsers face the challenge of keeping
their users safe while providing a rich
platform for Web applications.
Browsers are an appealing target for
attackers because they have a large and
complex trusted computing base with
a wide network-visible interface. Historically, every browser at some point
has contained a bug that let a malicious Web site operator circumvent the
browser’s security policy and compromise the user’s computer. Even after
these vulnerabilities are patched, many
users continue to run older, vulnerable
versions.[5] When these users visit malicious Web sites, they run the risk of
having their computers compromised.
Generally speaking, the danger
posed to users comes from three factors, and browser vendors can help
keep their users safe by addressing
each of these factors:
• The severity of vulnerabilities. By
sandboxing their rendering engine,
browsers can reduce the severity of vulnerabilities. Sandboxes limit the damage that can be caused by an attacker
who exploits a vulnerability in the rendering engine.