ACM Queue has just added a new paper by Charles Reis, Adam Barth and Carlos Pizano. It expands upon the information published earlier about the effectiveness of various browsers’ update mechanisms, adding information about the measures taken to keep users from visiting malicious websites and, more importantly, the ways in which they prevent the inevitable bugs in their browsers from being exploited.
The techniques used include placing the entire rendering engine, the most complex piece of code in most browsers, in a sandbox. Besides that, they make extensive use of Data Execution Prevention, Stack Overrun Detection and (on Windows Vista and Windows 7) Address Space Layout Randomization. Read the entire paper for details; not only does it provide insight into the way Chrome was built with security as a main objective, but it also shows why the Mac and Linux versions are taking so long. Some of these techniques are tightly integrated with the operating system:
Mac OS X has an operating system-provided sandbox, and Linux processes can be sandboxed using AppArmor and other techniques. For Windows, we chose our current sandbox because it is a mature technology that aims to provide both confidentiality and integrity for the user’s resources. As we port Google Chrome to other platforms such as Mac and Linux, we expect to use a number of different sandboxing techniques but keep the same security architecture.