News

Google OS plan puts Chrome security in spotlight

Tags:
Security,
Browser,
OS,
Chrome

Elinor Mills CNET News

Published: 23 Jul 2009 17:02 BST

The techniques Google uses to protect Chrome users from browser-based attacks have taken on new importance with the company's plan to make the software the centrepiece of a netbook operating system.

Two weeks ago, Google announced plans for the creation of an open-source Chrome operating system designed for people who spend most of their time on the web. The Google Chrome OS is a "natural extension" of the Chrome browser running atop a Linux foundation, said Sundar Pichai, vice president of product management, and Linus Upson, engineering director, in a blog post.

Like the Chrome browser, the Chrome OS will be built from the ground up, with development focused on three key areas — speed, stability and security. "We are going back to the basics and completely redesigning the underlying security architecture of the OS so that users don't have to deal with viruses, malware and security updates," the post said.

Google representatives declined to elaborate on plans for the OS, but it will likely align closely with what they have done with the browser, particularly given the fact that attacks on the browser outnumber those targeting the underlying operating system. The number of new browser vulnerabilities has increased rapidly each year since 2003, while the number discovered in web browser plug-ins has more than quadrupled, according to the US government's National Vulnerability Database.

It is also notable that Google includes features in its browser that are typically associated with operating systems.

"Google Chrome from day one had its own task manager, just like Windows did, showing memory consumption and CPU utilisation. I said that's what an operating system has. It's a fairly clean translation," said Billy Hoffman, manager of the web security research group at HP.

The Chrome OS, whose source code is due to be released publicly later this year as Google tries to enlist open-source programming allies, is likely to change the operating system landscape like the Chrome browser did, prompting rivals to try to match or beat its features.

"The innovation [coming out] of the browser wars is bringing more and better security," Hoffman said. "The Chrome browser itself is fairly hardened, and we hope they move into more user protections like IE8 and Firefox."

Chrome has several design features that optimise security, including sandboxing, which restricts privileges of key parts of the browser so that it is harder to co-opt them for mounting an attack, and multi-process architecture, which stores websites and applications in separate areas of browser memory areas and isolates them from the rest of the computer.

Overall, security experts say Chrome shows that Google takes security seriously and its developers are willing to try new approaches to achieve it.

"Google has done a lot of innovation in terms of security in Chrome," said Matt Wood, a senior researcher in Hoffman's department at HP.

Starting from scratch
Being new to the browser game helped.

"By starting fresh, we had the option to do very innovative things we wouldn't have been able to do otherwise," said Ian Fette, the Chrome product manager specialising in security features.

What set Chrome apart when it launched in beta last September was that it splits the browser into multiple parts. The browser kernel interacts with the OS and handles only trusted code, storing things such as bookmarks and cookies on the computer. Other main components, the rendering and JavaScript engines that figure out how to display web pages and execute web-based JavaScript programs, run with restricted privileges in a sandbox that limits access to the underlying system.

Chrome's initial line of defence is to check a site being visited against several anti-malware and anti-phishing blacklists that comprise Google's Safe Browsing service.

If some malware evades the safe browsing screen, it is likely to be blocked by Chrome's sandboxing technology. The sandbox runs an application in a restricted environment, isolating HTML rendering and JavaScript execution to prevent them from writing to the hard drive or registry, or accessing files.

"The goal is to make it impossible for malware to install itself and access your data on your local computer," Fette said.

Chrome also restricts each browser tab to its own computing process. That further prevents malware from being downloaded or interacting with other web pages that are open in other tabs.

Automatic updates
Another aspect of Chrome that security experts praise is the so-called "silent" auto-update feature. New versions of the browser are automatically updated on computers in the background without the user taking any action.

Chrome checks for updates every five hours using the open-sourced Google Update software, codenamed Omaha, which polls for updates even when the browser is not running. When a new update is available on the Google server, the client automatically…