Pwn2Own 2010: Google Chrome is the last man standing
I think it was 10-15 years ago that security researchers I know started saying that web browsers should run in a sandbox.
The point being that there will always be bugs, so you want to make them unexploitable by having them run in a well-defined, difficult-to-escape part of the computer.
"There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox."
That's just sweet to hear.
no subject
Date: 2010-03-26 08:38 pm (UTC)
Came out clean. Well done. Eventually someone is likely to find a way to reliably break the sandbox - all protections seem to fall in time - but Chrome is a fine example of how defense in depth works and really improves security.