Create an Account
username: password:
 
  MemeStreams Logo

Azimuth Security: The Chrome Sandbox Part 1 of 3: Overview

search

Security Reads
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

Security Reads's topics
Arts
Business
Games
Health and Wellness
Home and Garden
Miscellaneous
Current Events
Recreation
Local Information
Science
Society
Sports
Technology

support us

Get MemeStreams Stuff!


 
Azimuth Security: The Chrome Sandbox Part 1 of 3: Overview
Topic: Miscellaneous 9:12 pm EDT, May 22, 2010

The Chrome Sandbox Part 1 of 3: Overview
posted by Mark @ 5/20/2010 08:26:00 PM

Earlier this year, CanSecWest hosted the popular "Pwn2Own" contest, whereby contestants attempt to exploit vulnerabilities they have discovered in popular software packages. The contest has a strong focus on web browsers, and this year, it didn't disappoint: all of the major web browsers were successfully compromised, with the notable exception of Google's Chrome. I believe Chrome's survival was largely due to its integrated sandbox, which aims to isolate the browser from being able to perform any potentially adverse operations on the system upon which it is running. I have been working with Google for the last several months on Chrome, with one of my major charges being a security review of the sandbox and its related components. Therefore, with Google's blessing, I thought I might take some time here to discuss the basic sandbox architecture, the attack surface, and present a few examples of vulnerabilities I uncovered during my time working on it.

Azimuth Security: The Chrome Sandbox Part 1 of 3: Overview



 
 
Powered By Industrial Memetics
RSS2.0