Design/ Security /Blacklists ...

Submitted by cromedownload on Mon, 11/17/2008 - 21:15

Citation of Source: Wikipedia - Open Source Project

Design/ Security /Blacklists

Crome periodically downloads updates of two blacklists (one for phishing and one for malware) and warns users when they attempt to visit a harmful site. This service is also made available for use by others via a free public API called "Google Safe Browsing API". In the process of maintaining these blacklists, Google also notifies the owners of listed sites who may not be aware of the presence of the harmful software.

Sandboxing
Each tab in Crome is sandboxed to "prevent malware from installing itself" or "using what happens in one tab to affect what happens in another". Following the principle of least privilege, each process is stripped of its rights and can compute but can't write files or read from sensitive areas (eg documents, desktop), this is similar to "Protected Mode" that is used by Internet Explorer 7 on Windows Vista. The Sandbox Team is said to have "taken this existing process boundary and made it into a jail"; for example malicious software running in one tab is unable to sniff credit card numbers, interact with the mouse or tell "Windows to run an executable on start-up" and will be terminated when the tab is closed. This enforces a simple computer security model whereby there are two levels of multilevel security (user and sandbox) and the sandbox can only respond to communication requests initiated by the user.

Plugins
Plugins such as Adobe Flash Player are typically not standardised and as such cannot be sandboxed like tabs. These often need to run at or above the security level of the browser itself. To reduce exposure to attack, plugins are run in separate processes that communicate with the renderer, itself operating at "very low privileges" in dedicated per-tab processes. Plugins will need to be modified to operate within this software architecture while following the principle of least privilege.

Incognito
Crome includes an Incognito mode (similar to Safari's Private Browsing and Internet Explorer 8's InPrivate) which "lets you browse the web in complete privacy because it doesn’t record any of your activity" and discards cookies. When enabled for a window "nothing that occurs in that window is ever logged on your computer."

Speed / JavaScript
The Javascript virtual machine was considered a sufficiently important project to be split off (like Adobe/Mozilla's Tamarin) and handled by a dedicated team in Denmark. Existing implementations were designed "for small programs, where the performance and interactivity of the system weren't that important" but web applications like Gmail "are using the web browser to the fullest when it comes to DOM manipulations and Javascript". The resulting V8 JavaScript engine was designed for speed and introduces new features with that in mind such as hidden class transitions, dynamic code generation, and precise garbage collection. Tests by Google show that V8 is about twice as fast as Firefox 3 and the Safari 4 beta.

Stability / Multiprocessing
The Gears team were considering a multithreaded browser (noting that a problem with existing web browser implementations was that they are inherently single-threaded) and Crome implemented this concept with a multiprocessing architecture similar to the one implemented by IE8. A separate process is allocated to each task (eg tabs, plugins), as is the case with modern operating systems. This prevents tasks from interfering with each other which is good for both security and stability; an attacker successfully gaining access to one application does not give them access to all and failure in one application results in a Sad Tab screen of death, similar to the well-known Sad Mac. This strategy exacts a fixed per-process cost up front but results in less memory bloat overall as fragmentation is confined to each process and no longer results in further memory allocations.

Task Manager
Crome features a process management utility called the Task Manager which will allow the user to "see what sites are using the most memory, downloading the most bytes and abusing (their) CPU" (as well as the plugins which run in separate processes) and terminate them.

User interface/ Gears
Crome includes Gears which adds developer features that may or may not become web standards, typically relating to the building of web applications (including offline support).

New Tab Page
Crome replaces the browser home page which is displayed when a new tab is created with a New Tab Page. This shows thumbnails of the nine most visited web sites along with the sites most often searched, recent bookmarks and recently closed tabs. This concept appeared first with Opera's Speed Dial.

Omnibox
The Omnibox is the URL box at the top of each tab, based on the one in Opera. It includes autocomplete functionality but will only autocomplete URLs that were manually entered (rather than all links), search suggestions, top pages (previously visited), popular pages (unvisited) and text search over history. Search engines can also be captured by the browser when used via the native user interface by pressing Tab.

Popups
Popup windows "are scoped to the tab they came from" and will not appear outside the tab unless the user explicitly drags them out. It is not clear whether they also run in their own process.

Rendering engine
Crome uses the WebKit rendering engine on advice from the Android team. The WebKit engine is simple, memory efficient, useful on embedded devices and easy to learn for new developers.

Tabs
Tabs are the primary component of Crome's user interface and as such have been moved to the top of the window rather than below the controls (similar to Opera). This subtle change is in contrast to many existing tabbed browsers which are based on windows containing tabs. Tabs (including their state) can be seamlessly transferred between window containers by dragging. Each tab has its own set of controls, including the Omnibox URL box.

Standards
The first release of Google Crome Beta (Build 1583) does not pass the Acid3 test, it scores 77/100 and does not render the image correctly.

Webapps
Webapps can be launched in their own streamlined window without the Omnibox URL box and browser toolbar. This limits the browser chrome so as not to "interrupt anything the user is trying to do", allowing web applications to run alongside local software (similar to Mozilla Prism, Adobe AIR and Fluid).

google browser chrome beta