Slashdot Mirror


A Closer Look At Chromium and Browser Security

GhostX9 writes "Tom's Hardware's continuing series on computing security has an interview with Adam Barth and Collin Jackson, members of Stanford University's Web Security Group and members of the team that developed Chromium, the open-source core behind Google Chrome. The interview goes into detail regarding the sandboxing approach unique to Chromium, comparisons between the browser and its competition, and web security in general."

15 of 109 comments

  1. Good by maz2331 · · Score: 4, Insightful

    These are all great ideas, and I hope Firefox and/or MSIE pick up on them, simply because I can't stand the Chrome UI.

    Sorry, but that thing just isn't what a browser is supposed to be.

    The underlying technology can be the greatest ever, but if the interface sucks, well, I won't use it.

    1. Re:Good by mhousser · · Score: 5, Informative

      I love the interface! What I don't love, however, are the millions of ads that I forgot existed. I'll move to Chrome the minute it supports plugins and AdBlocker is ported to it. Chrome's plugin API will be finished later this year.

    2. Re:Good by Anonymous Coward · · Score: 5, Informative

      It supports greasemonkey scripts if you append --enable-user-scripts to its shortcut. And there's a script for it that works exactly like adblock.

    3. Re:Good by cryptoluddite · · Score: 3, Informative

      Chromifox makes Firefox look a lot like Chrome. Chrome is a nice toy, but its UI is pretty lacking when you want to do something like maximize screen space on a 1024x600 screen.

    4. Re:Good by similar_name · · Score: 3, Interesting

      My biggest complaint about the interface is it unnecessarily creates its own window/title bar. As such I can't use RBtray on it to keep Chrome windows 'always on top'. Which I like to do so I can stick a hulu window in the corner of my screen while I'm browsing.

    5. Re:Good by asdf7890 · · Score: 4, Informative

      OK, let's hear it: why is user scripting a security hole?

      With early versions of GreaseMonkey, the way the user scripts were applied to pages would allow the page to affect easily the GM in ways that could lead to cross-site attack vectors.

      That is why GM had a fairly complete redesign around the middle of 2005, removing the issue(s) that affected all scripts, but individual scripts can still be vulnerable depending on their design - hence you should be careful not to let a script apply globally for security reasons as well as efficiency ones. For a decent description of the problems with earlier GM versions and problems that you can still create for yourself in the latest versions, this article does a decent job.

      The other major problem with user scripting is using scripts from other sources without performing an exhaustive code review first. How do you know that the script you have just enabled isn't subject to one of the flaws? How do you know it isn't intentionally malicious? There have been several cases of this in the past, hence the warning message before you add a script to GM in recent versions and the warning message that appeared on userscripts.org for some time (as malicious scripts were found in their archive).

      Like many things, user scripting isn't a problem if both programmers and users are educated, careful and care. There lies the problem.

      I use GM myself, with scripts of my own devising or those from elsewhere that I have sufficiently reviewed, but I would not recommend it (or equivalents) to the general populace as they do not need any further ways to dig themselves into a malware riddled hole.
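
Added example, not part of the comment above or of Greasemonkey's own code: the comment warns against letting a user script apply globally, so this sketch reads a script's metadata block before installation and flags a missing or wildcard-only `@include`/`@match`. It assumes Greasemonkey's documented behaviour that a script with no `@include` runs on every page; the two sample scripts and their host names are constructed.

```javascript
'use strict';

// Collect "// @key value" lines from the ==UserScript== header.
function parseMeta(source) {
  const meta = Object.create(null);
  let inBlock = false;
  for (const line of source.split(/\r?\n/)) {
    const t = line.trim();
    if (t === '// ==UserScript==') { inBlock = true; continue; }
    if (t === '// ==/UserScript==') break;
    if (!inBlock) continue;
    const m = /^\/\/\s*@(\S+)\s*(.*)$/.exec(t);
    if (m) (meta[m[1]] = meta[m[1]] || []).push(m[2].trim());
  }
  return meta;
}

// A pattern is global when its host part is only wildcards: "*", "http://*/*".
function isGlobalPattern(pattern) {
  const host = pattern.replace(/^[a-z*]+:\/\//i, '').split('/')[0];
  return /^\*+$/.test(host);
}

// Report whether the script would run on every site, and why.
function auditScope(source) {
  const meta = parseMeta(source);
  const patterns = [...(meta.include || []), ...(meta.match || [])];
  const reasons = [];
  if (patterns.length === 0) reasons.push('no @include (defaults to every page)');
  for (const p of patterns) {
    if (isGlobalPattern(p)) reasons.push('global pattern: ' + p);
  }
  return { name: (meta.name || ['(unnamed)'])[0], global: reasons.length > 0, reasons };
}

// Constructed sample scripts (hypothetical names and hosts).
const SCOPED = [
  '// ==UserScript==',
  '// @name     Example tidy-up',
  '// @include  http://forum.example.org/*',
  '// ==/UserScript==',
  'document.title = "tidy";',
].join('\n');
const GLOBAL = SCOPED.replace('http://forum.example.org/*', 'http*://*/*');

for (const src of [SCOPED, GLOBAL]) {
  const r = auditScope(src);
  console.log(r.name, r.global ? 'GLOBAL: ' + r.reasons.join('; ') : 'scoped');
}
```

A clean scope result says nothing about what the script body does; it only narrows which pages get the chance to interact with it, so the code review the comment describes is still needed.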

  2. Adblock for Chrome -- Use SwWare Iron "Chrome" by blahbooboo · · Score: 5, Interesting

    Srware Iron is Chrome compiled without all the Google spyware crap and it has adblock built in.

    I LOVE IT! Firefox (all versions) is sooooo slow compared to Chrome/Iron.

    http://www.srware.net/en/software_srware_iron.php

    1. Re:Adblock for Chrome -- Use SwWare Iron "Chrome" by sortius_nod · · Score: 3, Interesting

      So what about its adblock, the thing doesn't render pages correctly. From what I can tell it is a badly compiled version of chrome.

      When they get it right, then I might think about using it... uninstall time.

    2. Re:Adblock for Chrome -- Use SwWare Iron "Chrome" by blahbooboo · · Score: 3, Interesting

      So what about its adblock, the thing doesn't render pages correctly. From what I can tell it is a badly compiled version of chrome.

      When they get it right, then I might think about using it... uninstall time.

      I get some weird font smoothing occasionally on Slashdot, otherwise works perfectly for me. It's so blazing fast when I go back to Firefox I am shocked how agonizingly slow the browser is to render pages...

    3. Re:Adblock for Chrome -- Use SwWare Iron "Chrome" by blahbooboo · · Score: 3, Interesting

      Thanks for the link man. I'm sick of firefox cause of its slowness, but I was also getting sick of Chrome, so this should be a good alternative.

      Does anyone have the following problems I have with Chrome?

      (1) It freezes up continually, and when it does freeze up, it affects the entire computer.

      (2) When accidentally clicking on a PDF link the entire thing crashes, and computer freezes up.

      I love chrome cause of its speed, but goddamn. The amount of restarts of my computer I've had with it I'm seriously looking for another browser (NOT firefox).

      Are you using Adobe Acrobat for PDFs? That's likely your problem and not the browser.

      Uninstall that crap and use Foxit PDF Reader instead.

  3. Google Main Page Says To Use Chrome Only In IE by Anonymous Coward · · Score: 5, Interesting

    When I go to the main Google page in IE 8, it has this huge icon telling me to use Chrome in the top right corner. When I go there in FF, it's not there. Is Google singling out IE users?

    1. Re:Google Main Page Says To Use Chrome Only In IE by Tacvek · · Score: 5, Insightful

      Perhaps. My guess is they have logic like the following:

      If you use Firefox, you probably already have heard about Chrome, and have decided not to switch. If you use IE, you probably have no idea that other browsers even exist, but you may know and like Google, so would be willing to give this Chrome thing a try.

      --
      Stylish sheet to fix many problems in Slashdot's D3: https://gist.github.com/801524

    2. Re:Google Main Page Says To Use Chrome Only In IE by Anonymous Coward · · Score: 5, Funny

      Or maybe they just wrote the page such that standards-compliant browsers won't show the advert.

    3. Re:Google Main Page Says To Use Chrome Only In IE by Anonymous Coward · · Score: 5, Informative

      I am sorry but that's incorrect. Firefox uses a local database of suspicious URLs that is updated every 30 min. URLs are never sent to Google, Google sends suspicious URLs to Firefox.

      The functionality you describe was optional in older versions of Firefox (to eliminate the max 30 min. delay for ultra paranoid people) but was removed on request of Google because it caused them too much load.

  4. Not so good. Time to make gooder. by JavaManJim · · Score: 3, Insightful

    I like Chrome's Home Page web thumbprints.

    I dislike that I cannot control these. For example right now, I have two timesonline.uk up. Permanently it seems. The "tool" icon does not allow Home Page editing. It should.

    So,
    A. If anyone out there can enlighten me on how to adjust Home Page icons. Go ahead.
    B. If not Chrome developers, are you listening? Add web page adjustments to the Home Page. Pretty please?

    Thanks