Linked by Thom Holwerda on Wed 3rd Jun 2009 11:21 UTC, submitted by Hakime
Google One of the defining features of Google's Chrome web browse is its sandboxing feature. You probably won't realise it's there, but from a security point of view, sand-boxing is one of the most impotant factors in browser security, as it severely limits the amount of damage a security hole can do: sure, you've got a hole in the browser, but thanks to sandboxing, you're pretty much locked in - until you break out of the sandbox, of course. Sandboxing on the Windows variant of Chrome was a "complicated affair", says Chromium developer Jeremy Moskovich, but for the Mac version, it's all a bit easier and more straightforward. On Linux, however, it's a mess.
Thread beginning with comment 366776
To read all comments associated with this story, please click here.
Go without it, for now
by werfu on Wed 3rd Jun 2009 12:13 UTC
werfu
Member since:
2005-09-15

I'd say it would be better to conceive a security framework agnostic sandbox and then implement a module for each security framework they'd like to support. I guess going for SELinux and AppArmor would be a safe bet. And being modular, nothing could stop somebody from adding another security "provider". But for now, I'd go with a void security provider, if it can bolster their development. Heck, it's an alpha browser, don't expect it to be secure as much as a production ready browser.

Reply Score: 0

RE: Go without it, for now
by jokkel on Thu 4th Jun 2009 07:04 in reply to "Go without it, for now"
jokkel Member since:
2008-07-07

That is your solution? Develop an abstraction layer for security systems? Because that worked out so well in the case of audio…

Edited 2009-06-04 07:06 UTC

Reply Parent Score: 2