Behind Chrome Security

http://blog.chromium.org/2012/01/principles-behind-chrome-security.html

http://www.chromium.org/Home/chromium-security/core-principles

 

Very good, simple to understand read. Thanks for posting that

 

Nothing in there about the extension vetting process, that I could find anyway.

 

No, no extension vetting mentioned.

But a very simple explanation of their methodology and some references to some mitigation techniques.

 

http://www.chromium.org/developers/design-documents/sandbox explains the policy contanment using a restricted token (protects admin space), a windows job object (makes sure also some user-handles and global objects tokens are protected, which reduces side by side intrusion at limited user level), alternate desktop (also hardens against messaging between objects/services) and the integrity levels (on Vista/Windows 7 making use of Low Intergity level, making all medium level intergrity - limited user objects/processes a no-go area).

 

Well, that article is about Chromium, and not Google Chrome. Chromium doesn't belong to Google... ... so, we'd see some explaining about the vetting process (or lack of it, if that's the case), if the article was about Google Chrome.

Extensions aren't officially developed for Chromium, but for Google Chrome. There's no Chromium Web Store...

 

It's my understanding that Chromium is basically the breeding ground for future Chrome releases..am I not correct on that? If I am, then the article is still relevant. I do recall Chromium not sandboxing Flash, but I believe that is where one of the few differences ends.

 

Yes, the article is 100% relevant.

But, anything about a Google Chrome extensions vetting process would never be presented to us in Chromium articles. It would be in Google Chrome article; most likely here -https://www.google.com/chrome/intl/en-US/more/index.html I'd say, or some other place other than in a Chromium article.

 

Yeah, I thought it was about Google Chrome browser.
Looked like it to me.

The constant reference throughout the article to Chrome (rather than Chromium) is what did it, I guess... and the references to browsers and browsing.

What browser does Chromium OS use?

Thanks for clarifying that, m00n.

In all honesty, the below quote from the OP's 1st link sounds like Google Chrome is structured after the Chromium guidelines posted in the Core Principles article.

Given that Google Chrome reliance upon Chromium guidelines, it doesn't seem so far-fetched afterall that Google Chrome extension vetting process would ever be presented to us in a Chromium article.

 

Well, now that you mention it, I am seeing reference to We also employ the best available anti-exploit technologies—including ASLR, DEP, JIT hardening, and SafeSEH—along with custom technologies like Safe Browsing, out-of-date plugin blocking, silent auto-update, and verified boot on Chrome OS.

In the end, they're talking a bit about both (Chromium and Chrome). Who knows, maybe they would talk about an extensions vetting process there. Who knows...

Yes, the constant reference to Chrome, rather than Chromium does confuse a bit. I like to see it this way: Chromium - open source project, not directly associated with Google; Google Chrome - a freeware project based on Chromium, provided by Google. So, I'd also like to see a more clear distinction done by Chromium developers as well, even if most (all? lol) are from Google. I've seen some people referring to Google Chrome as open source, but to the best of my knowledge, it's not. It's just like COMODO Dragon, both are based on an open source project.

Chromium.

 

Chromium is Google's open source project.

 

http://www.chromium.org/Home/chromium-security/core-principles

Opinion or fact?

Quite commonly seen when people jump up to minimize the impact of security flaws.

 

I think if there were an extension vetting process worth talking about they'd do so. At this point I just don't believe there is one and I do believe we're going to start seeing users taken advantage of via the store.

Not all Chromium developers are Google employees btw. But you can't just start making commits, you need to be given write access to the svn.

Chrome is not open source because it includes Flash and their PDF reader is also closed source. Everything else is open.

 

There are very few "facts" in security, just standards.

 

Here we go again. Is "standards" the latest mot juste? What happened to "statistics"?

 

I'm not saying it's a standard. But we have entire organizations dedicated to standardization and I think it's a bit silly to think this is some kind of "hot word of the day."

 

Google Chrome isn't open source, but not because of what you mention. Just because Google Chrome is based on Chromium, it doesn't make it open source. You don't have access to Google Chrome's source code. You have access to Chromium's source only; this one an open source project. Just because you access Chromium's source and Google Chrome is based on it, that doesn't make it open source.

COMODO Dragon is closed source, yet it's based on Chromium. Just because I trust Chromium, for being open source, that doesn't mean I'll trust COMODO Dragon. They may share the code, but they have different code, code added and/or modified by COMODO. The same happens with Google Chrome.

Can you point me to the Google Chrome's source code, where I can see the differences between Google Chrome and Chromium's code? No. You can only point me to Chromium's source code, because that's the only open source project; not Google Chrome.

 

I suppose. EDIT: I mean, unless you compile the code yourself for Chromium, who's to say their buildbot isn't slipping something in? You wouldn't be able to tell after compilation.

 

Well, it's equally silly to drag in standards when I'm asking whether something is opinion or fact:
"There’s a common misconception that security can be handled as a feature or add-on component. "

 

Some new info just posted on the Chrome extension vetting thread.

 

I believe it to be true, that security can't truly be handled as an add-on component. Add-ons/extensions are really just a way to cover weaknesses in the built-in security. What they mean by "features", I don't know. To me, the sandbox in Chrome is a "feature", so is built in Flash/PDF. IE Smart Screen is a "feature", and yada yada. If they mean it in that sense, then to me it says "don't trust our sandbox/SmartScreen, so on and so forth. It won't do that much for you".

 

Agree and disagree. I disagree that there is no vetting process worth them discussing/doing. Mozilla's vetting process has worked out rather well all this time. Chrome, well, they barely seem to care, so I guess they wouldn't talk much about it. I also agree that their store and others are going to become bigger sources of problems in not too long of time.

 

That's beside the point, isn't it? My point was to make it clear Google Chrome isn't open source, because there's no source code available. For something to be open source, they need to provide the code.

And, while what you said is true, the same can be applied to any open source project, including Linux. Once compiled, how do we know we can trust this or that distribution? The true magic is for us to compile it ourselves, right? But, then again, Linux kernel has more than 15 million lines of code, according to this -http://www.h-online.com/open/news/item/Linux-kernel-exceeds-15-million-lines-of-code-1409952.html

I wouldn't be the one looking through all that. That much I can tell you.