Exclusive Interview: Google Chrome's Chromium Core Explored

Features
By Alan Dang
published

At The Heart Of Chrome

Alan: What is your current computer configuration and what Web browser do you use on a regular basis?

Collin: I try not to play favorites, spending equal time on IE, Firefox, Safari, Chrome, and Opera. My primary laptop is a Mac with VMWare Fusion running Windows XP, but I have Vista and Ubuntu machines around if I need them.

Adam: I have a bunch of computers that I use, but my favorite is my Mac Mini because it’s so small and quiet. As for browsers, I'm mostly using the Chrome 2 beta, but I've also been playing around with IE 8 because it's the new kid of the block.

Alan: Macs definitely seem to be a favorite among security researchers. One of the reasons we wanted to talk with you is to learn more about the security features of Chromium (the core of Google Chrome). Were both of you just asked to do the analysis of Chromium or were you involved with the original concept and implementation?

Adam: When we joined the project, the team had already decided to sandbox the rendering engine, but sandboxing the rendering engine isn't enough for security. You also need to think carefully about the interface between the browser kernel and the rendering engine. For example, how can you let users upload files to Web sites without letting the rendering engine read arbitrary files? That's the kind of thing we helped out with.

Alan: What were the goals of Chromium from a security standpoint?

Collin: Chromium's architecture is designed to protect against malware, file theft, and keylogging in the event that there's a vulnerability in the rendering engine. Chromium also provides industry-standard anti-malware and anti-phishing features such as Safe Browsing and Extended Validation. In Google Chrome, these features are complemented by an automatic update mechanism that lets Google roll out security fixes quickly if necessary.

Alan: Our readers understand the differences between multi-threaded and single-threaded applications when it comes to performance, but Chromium is built around multiple processes rather than a single process. How does that help with security rather than performance?

Adam: By separating the browser into to multiple processes, Chromium can leverage security features built into the operating system to sandbox the rendering engine. Using separate processes also makes the interface between the components clear because the components can interact only via a narrow inter-process communication channel.

Alan Dang
26 Comments Comment from the forums
  • duckmanx88
    security features? im using chrome right now. love it. but this thing is far from secure. it shows you all your saved passwords with no protection. and i'd like to open my tabs on a page i select and not my most viewed sites for everyone to see.
    Reply
  • thee_prisoner
    +1 Duckman, I also do not like to have my passwords saved. It is convenient to have your most viewed websites posted, but it can lead to issues with work. Even though I use this function, it might get messy in an environment where you have competitive co-workers to easily see what you are working on.

    What I would like to see, make it so that people have a way to access these features quickly, but still maintain some security.

    Really though in all browsers people can just look at your history of your websites that you visited, unless of course you delete your history all the time.

    Chrome is great. It is fast and easy to use.

    BTW, at least Berkeley and other state schools generally give you better well rounded education. I find accumulation of knowledge helps in all fields, we do not to become a world of engineers.

    Be seeing you...
    Reply
  • interesting.. even if i dont know anything about coding....
    i love opera btw....!
    Reply
  • csuftech
    @duckmanx88, given that it was the only browser that was not compromised at this years Pwn2Own contest, I would say it's pretty secure. Also, if you don't want the most visited sites page, go to Wrench > Options > Basics and then just click on "Open this page".
    Reply
  • UC Berkeley is a second-rate school? Ha!
    Reply
  • deltatux
    Been using Google Chrome since its release and it's fantastic, I love the security built into the browser and I love the multiprocess approach, makes a lot of sense.
    Reply
  • sunraycer
    @csuftech: That's for the homepage right? I think he's talking about opening a TAB with the +. I'd also like to open to a page and not my most used page list. Nice as an option, but not as a forced function. I'd hope this would change when they have new versions. The settings are fairly sparse in Chrome in general. Hopefully they'll incorporate more. I've been using Chrome since I read the last article in this series and I'm starting to like it already. Might start trying to use the beta to see what's on the way...
    Reply
  • Capability-based security is a nice topic, since it fits very well with general Internet infrastructure. I.e. there's no global system of roles, users and ACLs, but even now it's possible to build capability-based systems using browser cookies.

    Are there any developments in this area?
    Reply
  • ossie
    "Macs definitely seem to be a favorite among security researchers."
    "In order to take advantage of the most security features, users need to be running NTFS and Windows Vista."
    "While Mac OS X Leopard offers less security features than Windows Vista or Windows 7, it offers better safety because there are fewer threats."

    Very funny mr. Dang. Your pathetic attempts to push m$ corporate spin failed miserably...
    No serious professional would use m$ crap for it's important work. OS X (BSD Unix) is still more secure than windblow$ even if you try hard to suggest otherwise.
    Reply
  • dvader
    @ossie: you are pretty clueless, sir. Read the Charlie Miller interview.
    Reply