Log in

No account? Create an account
Previous Entry Share Next Entry

Google Chrome web browser winning this year's security contest too

Pwn2Own 2010: Google Chrome is the last man standing

I think it was 10-15 years ago that security researchers I know started saying that web browsers should run in a sandbox.

The point being that there will always be bugs, you want to make them unexploitable by having them run in a well-defined, difficult-to-escape, part of the computer.

There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox."

That's just sweet to hear.

  • 1

Came out clean. Well done. Eventually someone is likely to find a way to reliably break the sandbox - all protections seem to fall in time - but Chrome is a fine example of how defense in depth works and really improves security.

  • 1