chrome sandbox

Discussion in 'sandboxing & virtualization' started by Mars, Apr 28, 2009.

Thread Status:
Not open for further replies.
  1. Mars

    Mars Registered Member

    Joined:
    Feb 19, 2007
    Posts:
    24
    Location:
    Canada
    Hey guys, just a quick question here. Could you guys tell me how secure and stable Google Chromes' sandbox is (any tests out there)? As a vista 64x guy, my options for having sandbox technology is a little hard to play with.

    Cheers.


    (And yes, i have tried forcefield - wasn't a fan lol)
     
  2. progress

    progress Guest

    I found this post from Kees, but are there any new reports? :doubt:
     
  3. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Google Chrome's sandbox is as secure as the Operating System's lack of vulnerabilities.

    Google Chrome's sandbox makes use of Windows's own security implementations. Brings nothing new. If vulnerabilities exist in those security implementations, then Chrome's sandbox is easily beaten.

    I'll try and find the link from Google where you can read more how Chrome's sandbox works.

    Edited to add link: Here it is http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html
     
  4. progress

    progress Guest

    Is there any advantage when running Chrome instead of Firefox on Windows XP? :rolleyes:
     
  5. simisg

    simisg Registered Member

    Joined:
    Nov 6, 2008
    Posts:
    410
    Location:
    Greece
    it has more pages blacklisted by default.... but you can have firefox with wot or linkscanner
     
  6. cheater87

    cheater87 Registered Member

    Joined:
    Apr 22, 2005
    Posts:
    3,125
    Location:
    Pennsylvania.
    You can use Sandboxie with Chrome.
     
  7. Doodler

    Doodler Registered Member

    Joined:
    Dec 23, 2007
    Posts:
    219
    But I think the OP has a 64 bit machine, which isn't compatible with SBIE.
     
  8. thathagat

    thathagat Guest

  9. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Sorry guys,

    Stanford University has investigated that the architecture of Chrome is at least 60% less vulnarable than IE, FF, Opera, due to its internal Sandbox. Chrome was also the onbly browser not hacked at a recent 'hackers tournement'.

    Search the software and services section to find the posts and the othrr malware section for it.

    I know software using components also inherites the errors and exploit opportunities of these components, but the architecture chosen by Google in combination with the policy management sandbox of teh rendering engine, sure beats any browser available now.

    Policy management of Chrome is implemented through different mechanisms than Windows own. Policy management is the oldest and most reliable implementation of security. Every decent OS from the 1970's had it implemented (yes I refer to midrange and mainframe OS-ses).

    Also Unix is a lot older than Windows WIn32 implementation, consequent implementations of Microsoft only improved. XP was originally designed to have the browser as a part of the OS. When MickeySoft was forced to offer it as an option, they did a hasty job for sake of commerce. Vista suffered over complexity and they forgot about the old rule that increasing lines of codes, even designed with clear interfaces, requires an exponential testing effort (well nearly N2/(N-1)). On top of that MickeySoft hastely implement their own equilavents of distributed/remote code execution (they even brought two standards one competing with the Java world and one with the IBM backed mainframe world). That is why MickeySoft got a bad name, but that has nothing to do with policy management.

    Policy management is and will be the most transparent, easiest to manage and secure form of security. So Chrome is a good browser, with the best policy management security implementation available at the moment.

    Cheers Kees
     
  10. IceCube1010

    IceCube1010 Registered Member

    Joined:
    Apr 26, 2008
    Posts:
    963
    Location:
    Earth
    Everytime I see thathagat's signature, I laugh my arse off! :thumb:

    Very good post by Kee's. The Chrome browser feels more secure and is very fast. My only issue with it is the issue with connecting to a citix based server. The java api's are not working with Chrome yet. All my Jadvantage connections work fine with Chrome.

    Ice
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,728
    Location:
    localhost
    Chrome sandbox does not cover plug-in, pretty limited scope
     
  12. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    i still like to have some sort of early warning system like site ratings at least and such lıke NoScript etc. cuz although ALONE chrome might be good but nothing is perfect so without any failsafes for ur browser (like with FF add ons sometimes) then ur **** out of luck when something serious actually does hit through.
     
  13. m00nbl00d

    m00nbl00d Registered Member

    Joined:
    Jan 4, 2009
    Posts:
    6,623
    Due to the lack of plug-in functionality, your best bet would AVG Linkscanner. It will protect you against exploits, no matter what browser you make use of.

    Or, as someone else suggested, running Chrome (and any other browser, for that matter) sandboxed with Sandboxie.
     
  14. firzen771

    firzen771 Registered Member

    Joined:
    Oct 29, 2007
    Posts:
    4,815
    Location:
    Canada
    trust me ive used linkscanner for quite a while recently and wasnt impressed so id rather not have another program wasting resources...
     
  15. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Chrome takes their time for plug-ins. I applaud that, becauae plug-ins are the weakspots of any browser (compliments to the guys of Opera which have until now a well designed browser with secure and sufficient add-on/plug-in support).

    For phising and other (limited) sate site (was preparing saté on the BBQ :) rating (sate site rating is always dated), you could try OpenDNS, also has the benefit that checks are performed on their servers in stead on your PC. I have OpenDns set up through our router. I thought you used that also?
     
    Last edited: Jul 14, 2009
Loading...
Thread Status:
Not open for further replies.