Google Shares Chrome Browser Security Principles
What’s under the Chrome browser’s hood
Google shares the principles behind Chrome security in a document that gives users some insight into the browser's development. Some of the major security principles the company follows are: design for defense in depth, be transparent, engage the community, speed matters, and make the web safer for everyone.
Computer users should always seek to reduce the attack surface available to attackers, and in-depth knowledge of under-the-hood security features can help with these decisions.
The goal in designing Chrome’s security architecture was to layer defenses and avoid single points of failure. Chrome’s sandbox architecture represents one of the most effective parts of this strategy, but it’s far from the only piece. Google also employs the best available anti-exploit technologies (including ASLR, DEP, JIT hardening, and SafeSEH) along with custom technologies like Safe Browsing, out-of-date plugin blocking, silent auto-update, and verified boot on Chrome OS. The company also continues to work towards advancing the state of the art with research into areas like per-origin sandboxing and control flow integrity.
The company does not downplay security impact or bury vulnerabilities with silent fixes, because doing so serves users poorly. Instead, it provides users and administrators with the information they need to accurately assess risk. It publicly documents the security handling process and discloses all vulnerabilities fixed in Chrome and its dependencies, whether discovered internally or externally.