UPDATE: Reading the Google Chrome comic that I received offline – man, I have to admit, this does sound pretty hot. Lots of interesting things – but first and foremost the one that security geeks will care about most – they have in some way ACL’d the tab processes to make them like a ‘jail’ or ‘sandbox’. They seem to have not only disabled write access to the file system à la low rights IE (no write-up policy) but seem to have taken the low IL concept a step farther even! In the comic they explicitly call out our Biba-like implementation of integrity levels and talk about how low IL processes can read up to a higher IL, but they can’t write-up (i.e. low IL can’t write to Medium IL but it CAN read medium IL data which may still be sensitive) . . . in their model they are claiming that low rights processes can’t even read up unless some action is explicitly taken by the user. If true, that’s huge and a compelling win over Firefox right there in and of itself . . . and may even give them an edge over IE8 on Vista? We’ll have to see how strong that sandbox is . . .

Whoa . . . I also like the Task Manager for Chrome that lets you track CPU usage / memory consumption by tab. The updated JVM sounds interesting as well . . . looks like they have written their own JVM from the ground up and focused on speed and making garbage collection work right. Also it appears you’ll be able to move tabs from the main UI to their own separate window – so you could have one tab on one LCD and another tab on another . . . also what they are calling the ‘Omnibox’ (the URL bar) is described in a downright Steve Jobs-like fashion as being “perfectly, aesthetically, non-distracting”, and heh – they also have a ‘porn mode’ where nothing gets saved locally just like IE8 . . . man . . . I have to admit – I’m probably going to have to install this and play with it (though not because of porn mode. :)).
Finally – the comic also does call out that they have at least done fuzzing (cute picture of presumably infinite monkeys hammering away at infinite keyboards) and they even go into some of the automated testing they do with the daily builds to make sure they can render the most popular pages right etc. All very interesting stuff!
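The read-up versus write-up distinction from the update above, as an added example (not code from the comic, Chrome or Windows): a small Python model of the Windows mandatory integrity check using the real label policy bits from winnt.h. The object names are constructed, and the model does not show how Chrome's sandbox is built, which this post does not describe.

```python
from dataclasses import dataclass

# Windows integrity-level RIDs (the last component of S-1-16-<rid>).
LOW, MEDIUM, HIGH = 0x1000, 0x2000, 0x3000

# Mandatory-label policy bits (SYSTEM_MANDATORY_LABEL_* in winnt.h).
NO_WRITE_UP, NO_READ_UP, NO_EXECUTE_UP = 0x1, 0x2, 0x4
BLOCKS = {"read": NO_READ_UP, "write": NO_WRITE_UP, "execute": NO_EXECUTE_UP}


@dataclass(frozen=True)
class Obj:
    name: str
    level: int = MEDIUM        # an unlabeled object is treated as Medium
    policy: int = NO_WRITE_UP  # with the default no-write-up policy


def mic_allows(subject_level, obj, access):
    """Integrity check only; a real access check then evaluates the DACL."""
    if subject_level >= obj.level:
        return True  # subject dominates the object: no integrity objection
    return not (obj.policy & BLOCKS[access])


def exposure(subject_level, objects):
    """Map each object name to the accesses the integrity check lets through."""
    return {
        o.name: [a for a in BLOCKS if mic_allows(subject_level, o, a)]
        for o in objects
    }


# Constructed sample objects (hypothetical names).
SAMPLE = [
    Obj("Documents/taxes.xlsx"),             # default label
    Obj("AppData/LocalLow/cache.bin", LOW),  # low-IL scratch area
    Obj("Documents/keys.pfx", MEDIUM, NO_WRITE_UP | NO_READ_UP),
]

if __name__ == "__main__":
    for name, accesses in exposure(LOW, SAMPLE).items():
        print(f"{name}: {', '.join(accesses) or 'nothing'}")
```

With the default label a low-IL process is still offered read access to the Medium file; only the object carrying `NO_READ_UP` is closed to reads as well.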
Man – between vacation and working on special projects – I’ve been pretty busy for the last month and haven’t had any time to blog about stuff. Probably won’t be any reprieve in the near future but here’s a quickie.
Sooo . . . last night I heard about Google Chrome from a friend . . . which I believe is being released for Windows today?
At first glance – this seems cool – they have adopted the tab per process model like we have with IE8 to help isolate web apps running in tabs . . . but then they have added a new feature that will let web pages be launched without “chrome” (well – what we used to call chrome heh) . . . that would be the address bar and toolbar etc. If you remember we actually worked hard to *prevent* web sites from being able to do this sort of stuff in IE6 on XPSP2 after realizing it was a bad idea (go here: http://www.microsoft.com/technet/prodtechnol/ie/reskit/6/appendix.mspx?mfr=true click on ‘Window Restrictions’) due to phishing attacks and other nefarious things that malicious web sites could do to try and trick users. Here’s hoping Google has thought of this and is not re-living the mistakes of the past like Apple seems to be with Safari. 🙂
I’m actually pretty excited about this . . . I know the IE team has been working super hard on making IE8 not only fast – but extremely secure. We’ve already seen Firefox 3 getting beat up pretty badly with the first vulns appearing just hours after its release – and Safari is pretty bad from a security PoV it would seem based on all of the vuln reports and stupid old-school “too many chars in a tag” type bugs that were present at launch. So I’m excited to not only have yet more browser competition but I’m also excited to see how seriously the Google developers actually take secure coding (I’m sure we’ll find out soon if they launch Chrome today). From their blog, their mantra of “launch early and iterate” (if I understand the meaning properly) seems a bit dangerous in this day and age . . . hmm – speaking of iterating – I wonder how well their auto-update mechanism will work for Chrome . . . and whether it will be MITM’able like other 3rd party vendors or whether it will work on Vista as a standard user . . .
It will also be interesting to see whose market share Chrome eats into . . . I bet it hurts Firefox more than IE. 🙂