Security-wise, Google Chrome is (potentially very) Good

Security bloggers are already commenting on Google’s slightly premature “Chrome” browser leak. Built on top of the Apple sponsored WebKit engine, the browser offers several security features that we have only seen so far in the beta releases of IE8.

The most interesting feature discussed so far is the strict memory separation afforded by the technology, where each web application will operate in its own memory space with its own virtual machine for code execution. Keep in mind that modern browsers are practically primitive operating systems unto themselves. They handle asynchronous network traffic, user input, data rendering, and code execution. Modern operating systems, say, anything created in the past 25 years, implement dozens of technologies that allow for the safe execution of multiple processes simultaneously, such as individual memory spaces for each application. This feature, for example, helps prevent the crash of one application from taking down the entire system by not allowing applications to corrupt each other’s memory spaces.

Currently, browsers still operate as single applications inhabiting a single process space, and devote a significant portion of their codebase to keeping individual webapps separate from stepping on one another. The Chrome philosophy appears to be more akin to not reinventing the wheel, where the full-set of operating system process separation features are used rather than rebuilding them inside the

As more and more applications move from the desktop, an environment that provides some means of process isolation, to an environment where one application can inadvertently take down another, the user experience will move from one of relative stability and security to one without. In many ways, Google’s Chrome technology is the next necessary step in the movement away from desktop applications to everything being delivered as a service.

[Source: zdnet]