How secure is Chrome's sandbox?

i was reading this review of Chrome 10 on PCMag and i got particularly interested in the security section where they talk about the sandbox:

here's the linkie to the review:
-http://www.pcmag.com/article2/0,2817,2373860,00.asp-

there does not seem to be much info out here about Chrome's effectiveness against malwares.

has there been any tests to see if malwares can get out of Chrome's sandbox?
i am especially interested to hear how it does against drive-by malwares.

 

Chrome's sandbox is indeed a strong security solution (especially with --safe-plugins), but not against all types of threats. You can't compare it to Sandboxie for example.
Chrome's sandboxing is very strong against exploits and drive-by downloads, but not against ordinary malware (trojans etc.) and phishing threats. Microsoft's SmartScreen filter is unmatched in that area.

That is why I have always hoped that Internet Explorer 9 would feature the same sandboxing techniques as Chrome does, however IE9 only partially sandboxes. Since the combination of Chrome's sandboxing and Microsoft's SmartScreen filter would be unbeatable. Combine that perfect browser with built-in security measures (Windows Firewall, operating system hardening with assistance from EMET), backup and a system image and an on-demand scanner (Hitman Pro is the perfect candidate) and you have have bulletproof protection.

 

Some small collection of links for start:

A new approach to browser security: the Google Chrome Sandbox
Rolling out a sandbox for Adobe Flash Player
Playing in the Chrome Sandbox
The Chrome Sandbox Part 1 of 3: Overview <-- highly recommend this one)
The Chrome Sandbox Part 2 of 3: The IPC Framework

 

It totally isolates the code you are running in your browser using the OS internal mechanism: simply brilliant

Only coding errors (exploits) in the underlying WIndows OS or the components Chrome itself uses could cause intrusions, it is that strong.

It is a theoretical near 100% (practical 100% is impossible, because every man made software or product could have errors)

 

tnx kees!
that is information that will not go to waste.

it's quite surprising that you hear a lot about Chrome speed but rarely about its security performances.

many tnx to matt and doktor as well for their help.

 

I have always liked this Charle Miller quote on Chrome security:

http://tech.blorge.com/Structure:%20/2010/04/01/google-chrome-survives-pwn2own-intact/

 

Yep and when you disable installer detection, UAC will only elevate from safe placed, meanig not the C:\Users\etc. So Chrome will allways run in a LUA container.

 

Google are certainly confident about their sandbox security:

http://www.computerworld.com/s/article/9214022/Google_s_Chrome_untouched_at_Pwn2Own_hack_match

 

Thanks andyman!
Guess I'm extra secure running chrome in sandboxie

 

I'm always intrigued by the concept of running a sandbox within a sandbox,alas it hurts my head to think about it too much.

 

I will say that since I have been running Chrome I've never had a malware infection.

Also, http://downloadsquad.switched.com/2011/04/05/google-chrome-and-chromium-add-protection-against-malicious-down/

 

Thanks, never knew about that. Therefore Chrome has all the features of IE SmartScreen Filter and Protected Mode?

 

Starting to sound like it.

Heck, I wonder what would happen if Google made an antivirus?

 

Every Google AV would get an unique AV ID ...

 

Isn't the unique ID thing a bit old now? On topic, a Google AV might actually work. We could argue about whatever privacy issues would come up, but I bet they could pull it off.

 

Google has been blocking malicious URL's/phishing sites for ages, Firefox uses it's list too. Not sure why it's being advertised as a "new feature". I believe the deal here is that SmartScreen is simply doing the best job at it, hence why it's being incorporated into hotmail, messenger, IE, etc.

 

sorry if the question looks stupid...

how to disable installer detection? what are safe placed locations?

Is there way to configure chrome to achieve the below functionality like firefox's one -
1) delete selected set of browsing history (like cache,cookies,download history, form and search history) when browser closes. (tips are welcome for ie9 even)
2) backup list of java-script allowed sites.

 

Safe locations are C:\Program Files and C:\Windows.

The easiest way to disable installer detection would be to copy the following to a Notepad file and save it with the extension *.reg, by properly naming it like Disable_UAC_Installer_Detection.reg
Then, if you're using a standard user account, open cmd.exe with administrator rights; then pressing the SHIFT key on your keyboard, right-click the file Disable_UAC_Installer_Detection.reg and choose "Copy as path"; then go back to cmd line and click the cmd line icon - Edit - Paste. Press enter. You should get a confirmation to apply the registry change.

Otherwise, temporarily enter your administrator account, and copy the *.reg file over there and excute it.

Code:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableInstallerDetection"=dword:00000000

Just press CTRL+SHIFT+DEL and then clean what you wish to clean.

Chrome's preferences are kept in a file called Preferences, placed in Chrome's profile folder. Look it there.

I know you didn't ask me... but... well... I felt like I could be of some assistance.

 

first of all a big thanks for answering all my questions patiently

This does definetely helps me. But i wanted, this one particular feature atleast to be borrowed from firefox. it really a set&forget setting and u never need to bother about cleaning traces...

 

You could try and see if there's any Google Chrome extension that does it. There's one called Click&Clean, but I don't know whether or not it automatically cleans cookies, etc.

 

Hmmm, well if you are wiping all this stuff all the time, you might as well use incognito mode instead and be done with it. Just add --incognito to the shortcut.

 

Incognito isn't that much of an incognito... Same from IE Private Browsing... etc... They leak... like leaky diapers.... At least, it has always been my experience.

Not to mention that under certain conditions, when doing something in Chrome, like clicking the link for Adobe Flash Player settings, Chrome will break out of the incognito mode... which is ... stupid. If I'm forcing something to run incognito, then I'd expect it to always run incognito...

 

What exactly does it leak? The main purpose is that it doesn't remember your internet activities, which it (Chrome/IE) seems to do fine at when using my bank service?

 

CCleaner always seems to have stuff to clean for IE, which is always ran in Private Browsing and forced to delete temporary internet files. I wonder what it fails best at.

Chrome's incognito mode... well... it leaks... when the conditions I mentioned happen.

 

After all, there are incompatibilities between the Chrome Sandbox with Sandboxie?