Google Chrome features a minimalistic user interface, and its user-interface principles were later implemented in other browsers; one example is the merging of the address bar and search bar into the omnibox. Chrome also has a reputation for strong browser performance.
Bookmarks and settings synchronisation
Chrome allows users to synchronize their bookmarks, history, and settings across all devices with the browser installed by sending and receiving data through a chosen Google Account, which in turn updates all signed-in instances of Chrome. This can be authenticated either through Google credentials, or a sync passphrase.
Security
Chrome periodically retrieves updates of two blacklists (one for phishing and one for malware), and warns users when they attempt to visit a site flagged as potentially harmful. This service is also made available for use by others via a free public API called "Google Safe Browsing API".
Chrome uses a process-allocation model to sandbox tabs. Using the principle of least privilege, each tab process cannot interact with critical memory functions (e.g. OS memory, user files) or other tab processes — similar to Microsoft's "Protected Mode" used by Internet Explorer 9 or greater. The Sandbox Team is said to have "taken this existing process boundary and made it into a jail." This enforces a computer security model whereby there are two levels of multilevel security and the sandbox can only respond to communication requests initiated by the user. On Linux, sandboxing uses the seccomp mode.
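The following is an added example, not Chrome's own code: a minimal Linux sketch of turning a process boundary into a jail with a seccomp-BPF filter. The names `enter_sandbox` and `probe_file_access` and the single-syscall policy are assumptions made for illustration; the worker loses the ability to open files but can still report to its parent over a pipe it inherited before sandboxing.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stddef.h>
#include <sys/prctl.h>
#include <sys/syscall.h>
#include <sys/wait.h>
#include <unistd.h>
#include <linux/filter.h>
#include <linux/seccomp.h>

/* Constructed policy: openat() fails with EPERM, everything else is allowed.
 * Real policies are allow-lists and check seccomp_data.arch first. */
static int enter_sandbox(void) {
    struct sock_filter f[] = {
        BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
        BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_openat, 0, 1),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ERRNO | EPERM),
        BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    };
    struct sock_fprog prog = { .len = sizeof f / sizeof f[0], .filter = f };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}

/* Fork a worker that optionally sandboxes itself, tries to open "/", and
 * reports errno (0 = opened) over a pre-opened pipe. -1 means setup failed. */
int probe_file_access(int sandboxed) {
    int ch[2], result = -1;
    if (pipe(ch) != 0) return -1;
    pid_t pid = fork();
    if (pid < 0) { close(ch[0]); close(ch[1]); return -1; }
    if (pid == 0) {                          /* worker ("tab") process */
        close(ch[0]);
        if (!sandboxed || enter_sandbox() == 0) {
            long fd = syscall(SYS_openat, AT_FDCWD, "/", O_RDONLY);
            result = fd < 0 ? errno : 0;
        }
        /* write() on the inherited pipe is still allowed by the filter */
        _exit(write(ch[1], &result, sizeof result) < 0 ? 2 : 0);
    }
    close(ch[1]);                            /* parent ("browser") side */
    if (read(ch[0], &result, sizeof result) != (ssize_t)sizeof result) result = -1;
    close(ch[0]);
    waitpid(pid, NULL, 0);
    return result;
}

int main(void) { return probe_file_access(1) == EPERM ? 0 : 1; }
```

Because the filter is installed after `fork()`, only the worker is confined; the parent keeps its full privileges and decides what to do with anything the worker sends back.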
Security vulnerabilities
No security vulnerabilities in Chrome were exploited in the three years of Pwn2Own from 2009–2011.
At Pwn2Own 2012, Chrome was defeated by a French team who used zero-day exploits in the version of Flash shipped with Chrome to take complete control of a fully patched 64-bit Windows 7 PC using a booby-trapped website that overcame Chrome's sandboxing.
Chrome was compromised twice at the 2012 CanSecWest Pwnium. Google's official response to the exploits was delivered by Jason Kersey, who congratulated the researchers, noting "We also believe that both submissions are works of art and deserve wider sharing and recognition." Fixes for these vulnerabilities were deployed within 10 hours of the submission.
Plugins
- Chrome supports plug-ins with the Netscape Plugin Application Programming Interface (NPAPI), so that plug-ins (for example Adobe Flash Player) run as an unrestricted separate process outside the browser and cannot be sandboxed as tabs are. ActiveX is not supported. On March 30, 2010 Google announced that the latest development version of Chrome would bundle Adobe Flash with the browser, eliminating the need to download and install it separately. Flash would be kept up to date as part of Chrome's own updates. Java applet support is available in Chrome with Java 6 update 12 and above. Support for Java under OS X was provided by a Java Update released on May 18, 2010.
Privacy
Privacy mode
The private browsing feature called Incognito mode prevents the browser from permanently storing any history information or cookies from the websites visited. Incognito mode is similar to the private browsing feature in other web browsers.
User tracking
Chrome sends details about its users to Google through both optional and non-optional user tracking mechanisms.
Some of the tracking mechanisms can be optionally enabled and disabled through the installation interface and through the browser's options dialog. Unofficial builds, such as SRWare Iron and CoolNovo (previously known as ChromePlus), seek to remove these features from the browser altogether. The RLZ feature is not included in the Chromium browser either.
In March 2010, Google devised a new method to collect installation statistics: the unique ID token included with Chrome is now only used for the first connection that Google Update makes to its server.
The optional suggestion service included in Google Chrome has been criticized because it provides the information typed into the Omnibox to the search provider before the user even hits return. This allows the search engine to provide URL suggestions, but also provides them with web usage information tied to an IP address.
The optional feature to use a web service to help resolve spelling errors has privacy implications.