Browser Security Lessons from Google Chrome

The Web has become one of the primary ways people interact with their computers, connecting people with a diverse landscape of content, services, and applications. Users can find new and interesting content on the Web easily, but this presents a security challenge: malicious Web-site operators can attack users through their Web browsers. Browsers face the challenge of keeping their users safe while providing a rich platform for Web applications.

Browsers are an appealing target for attackers because they have a large and complex trusted computing base with a wide network-visible interface. Historically, every browser at some point has contained a bug that let a malicious Web-site operator circumvent the browser’s security policy and compromise the user’s computer. Even after these vulnerabilities are patched, many users continue to run older, vulnerable versions.5 When these users visit malicious Web sites, they run the risk of having their computers compromised.

Google Chrome uses a modular architecture that places the complex rendering engine in a low-
privilege sandbox, which we discuss in depth in a separate report.1 Google Chrome has two major components that run in different operating-system processes: a high-privilege browser kernel and a low-privilege rendering engine. The browser kernel acts with the user’s authority and is responsible for drawing the user interface, storing the cookie and history databases, and providing network access. The rendering engine acts on behalf of the Web principal and is not trusted to interact with the user’s fi le system. The rendering engine parses HTML, executes JavaScript, decodes images, paints to an off-screen buffer, and performs other tasks necessary for rendering Web pages.

Google Chrome also makes vulnerabilities harder to exploit by using several barriers recommended for Windows programs.8 These include DEP (data execution prevention), ASLR (address space layout randomization), SafeSEH (safe exception handlers), heap corruption detection, and stack overrun detection (GS). These are available in recent versions of Windows, and several browsers have adopted them to thwart exploits.

Download PDF Manual Browser Security Lessons from Google Chrome


Related PDF Manuals:
BlackBerry Hardening Guide
BlackBerry Storm 9530 Smartphone version 4.7 User Guide
Instant Messenger Client for the Research In Motion BlackBerry Handheld
How to Install Windows 7 E plus IE8 or Another Browser
Running Windows XP Mode with Windows Virtual PC
Epson Artisan 810 Network Installation Manual Guide
Setting Up a Functional VPN Guideline
Nokia E72 Data Sheet Manual

July 11th, 2009 | by admin |

Post a Comment

Other search with:google chrome browser pdf - how do you add a trusted site to chrome?? - how safe is chrome? - how safe is the blackberry browser? - how to access pdf with google chrome - how to access the trusted sites on chrome - how to add a trusted website on chrome - how to add a website to trusted connection in mobile - how to bypass The sites security certificate is not trusted! chrome - how to config chrome - how to configure chrome security - how to configure safe ports in google chrome - how to install google chrome on blackberry - howto install certificates google chrome - install browser blackberry curve - installing chrome browser on blackberry - installing security certificates on google chrome - is there a google chrome browser for blackberry - how do I add trusted site with chrome? - handleiding pdf google a - handleiding google chrome pdf - google chrome for bb - google chrome for blackberry curve - google chrome handleiding - google chrome mafia wars - google chrome manual - google chrome manual download - google chrome or ie8 safelist - google chrome security policies - google chrome trusted sites - google chrome trusted sites list? - google chrome user guide - Google Chrome User guide pdf - google chrome users manual - google crome for blackberry curve - google moto manual download - google operator pdf - handleiding google chrome - is users manuals guides website safe? - Lessons from google chrome - safe downloads for 765t nuvi - safe site chrome - security certificate on facebook - security guideline manual - security operators manuals pdf - security safe to have a search on google facebook - trusted free pdf ebook site - trusted site chrome - trusted site in chrome - trusted websites on google chrome - view pdf in browser security - view pdf in chrome - Website Security book pdf free - windows 7 lesons in pdf freeware - windows mobile chome manual - windows mobile trusted browser - windows mobile trusted site steps - safe browsing blackberry - privileged google chrome - pdf návod googl - lessons to teach safe web browsing - lower privileges chrome - mafia wars and chrome - mafia wars google chrome - mafia wars windows vulnerable - mail google com not trusted in chrome? windows 7 - manual do google chrome - manual on security guidelines - modular architecture free downloads books - modular architecture pdf - not trusted website on blackberry - operator for google chrome - operator manual google chrome download - palm pre microsoft exchange security certificate is not a trusted certificate - pdf and google chrome web browser - pdf chrome - PDF detection google chrome - windows security guide pdf - 1 - chrome - manual - chrome add certificate - chrome add security - chrome add to trusted list - chrome add trusted sites - chrome adding urls - chrome and security certificates - chrome browser manual download - chrome certificate download - chrome howto secure privacy - chrome manual download - chrome pdf in web browser - chrome privileges google - chrome security manual - chrome trusted sites eintragen - chrome trusted websites - chrome users guide - chrom pdf - BROWSERS LESSONS - browsers for blackberry curve - add all google pages as trusted sites -