Google Chrome, the security tidbits

Google browser and securityThe oft-rumored Google browser is real. It’s called Google Chrome and it comes with a handful of security-related features like privacy mode and blacklist-based blocking of phishing and malware sites.

[ PREVIOUSLY: Google hires browser hacking guru ]

A beta version of the new browser is expected to ship on Tuesday September 2 (Windows only) in more than 100 countries. A cartoon explanation also hints at the use of single-site browsers (like Mozilla’s Prism) and tabbed browsing within sandboxes.

From the official announcement:

  • Under the hood, we were able to build the foundation of a browser that runs today’s complex web applications much better. By keeping each tab in an isolated “sandbox”, we were able to prevent one tab from crashing another and provide improved protection from rogue sites. We improved speed and responsiveness across the board. We also built a more powerful JavaScript engine, V8, to power the next generation of web applications that aren’t even possible in today’s browsers.

Google said it used components from Apple’s WebKit and Mozilla’s Firefox to build the browser and plans to open-source all the code.

[ SEE: Microsoft confirms ‘InPrivate’ IE 8 ]

On the Google Blogoscoped blog, some of the security tidbits are mentioned:

  • Chrome has a privacy mode; Google says you can create an “incognito” window “and nothing that occurs in that window is ever logged on your computer.” The latest version of Internet Explorer calls this InPrivate. Google’s use-case for when you might want to use the “incognito” feature is e.g. to keep a surprise gift a secret. As far as Microsoft’s InPrivate mode is concerned, people also speculated it was a “porn mode.”
  • Web apps can be launched in their own browser window without address bar and toolbar. Mozilla has a project called Prism that aims to do similar (though doing so may train users into accepting non-URL windows as safe or into ignoring the URL, which could increase the effectiveness of phishing attacks).
  • To fight malware and phishing attempts, Chrome is constantly downloading lists of harmful sites. Google also promises that whatever runs in a tab is sandboxed so that it won’t affect your machine and can be safely closed. Plugins the user installed may escape this security model, Google admits.

Dennis Fisher makes the case that Google Chrome is unlikely to attract security-minded Web surfers.

[Source: zdnet]