copyright | disclaimer | privacy | contact  
Australia's Leading Computer Emergency Response Team
Search this site

On this site

 > About AusCERT
 > Membership
 > Contact Us
 > PKI Services
 > Publications
 > Sec. Bulletins
 > Conferences
 > News & Media
 > Services
 > Web Log
 > Site Map
 > Site Help
 > Member login


Google Chrome - How shiny is it?

Date: 03 September 2008

Click here for printable version

Google has today released the first public beta of their new web browser, known as Google Chrome, as an alternative to other popular browsers. Chrome introduces a number of new and innovative features, but with these new features come some potential security concerns. The development of Chrome has relied on numerous open source projects, such as Apple's WebKit and Mozilla's Firefox. All Chrome code will be made available as open source as well, which will allow members of the community to add significant value to the project, and provide security reviews, but could also allow attackers to analyse the code and potentially identify vulnerabilities.

According to Google, Chrome includes numerous new features and enhancements to the web browsing experience. The first obvious change between Chrome and other browsers, is that the traditional address bar now also behaves as a search bar (tied to the user's favourite search engine), as well as web history (similar to Firefox 3.0). The next distinct difference is that each time a tab page is opened a visual sampling of the user's most visited sites, search engines, recent bookmarks and closed tabs will be visible, and can be quickly navigated to, unlike other browsers that open an empty tab.

Chrome uses a new JavaScript engine, known as V8, which has been written from scratch in C++. V8 is optimised to execute JavaScript code much faster than existing JavaScript engines. JavaScript is a type-less language which has some negative effects on performance, V8 has done two things to get around this, it compiles the code to native assembly language and hidden class transitions. Another new feature - known as 'Crash Control' - each tab within Google Chrome is contained within a 'sandbox', and therefore can prevent one tab from crashing other tabs and the entire application. This can also prevent individual tabs from talking to each other, which should prevent cross-site request forgery. Being a Google product, Chrome can benefit from other Google security initiatives which identify potentially unsafe website content, malware, phishing and otherwise unsafe sites, and will warn users if they are about to visit such sites.

Additionally, Chrome includes "Incognito mode", which allows the user to browse without any information being logged into the browser's browsing and download histories, and will delete all cookies once the "Incognito" window is closed. The forensic implications here are clear, as pages are executed entirely from within memory, so information likely won't be written to disk unless paged.