Google designed Chrome to be faster, more stable and most importantly, more secure than other Web browsers. So with these features in mind, Google Chrome was built from scratch to be a Web browser designed for today’s web application users. As more businesses venture into the cloud, it’s becoming increasingly important that your browser doesn’t crash when you’re creating reports in Google Docs or when you’re video conferencing. In order to prevent crashes, Google Chrome developers sandboxed each tab, so that if one tab malfunctions, the whole browser doesn’t crash. If one tab does go down, a “sad tab” will appear depicting a ‘sad face’ emoticon.

This isolation process is similar to modern operating systems. With sandboxing, the goal is to prevent malware from installing itself on the computer or allowing what happens in one tab to affect what happens in another. The perimeter of the sandbox is based on permissions. Each process is stripped of its rights and can compute but can’t write files or read from sensitive areas such as the desktop or documents. Chrome has taken the existing process boundary and made it into a metaphorical jail. Malicious software in one tab is unable to sniff credit card numbers, interact with mouse operations or tell Windows to run an executable start-up. Since Google is writing the code, they have the ability to say who and who isn’t granted permission.

If sandboxed tabs don’t offer enough security for your end users, there are also privacy modes to ensure that your surfing history isn’t being tracked, such as Protected mode used in IE7 and Windows Vista, which can be enabled or disabled by group policy or parental controls. (Apple’s Safari also has a private browsing feature). Google Chrome offers a similar mode called Incognito. (Chrome currently cannot disable through parental controls or group policy). These modes are jokingly referred to as ‘porn mode’ as the Web surfing activity isn’t tracked because the browser does not store history information or cookies. A spouse that doesn’t want their significant other to know that he/she has been surfing disreputable sites would not be found-out while surfing in these modes. These privacy modes also have business-related uses as well. Privacy modes are good to utilize when typing passwords or financial, personal or sensitive information onto a Web site.

For more information on secure Web browsing and Web 2.0, read the October Alert: http://gocsi.com/membersonly/showArticle.jhtml?articleID=211600271&catID=14144.
------------------
Kristen Romonovich is Associate Editor at the Computer Security Institute. She is dedicated to Green IT, Web 2.0 and the security of social media, and data security at the upcoming annual conference CSI 2008: Security Reconsidered. Visit www.CSIAnnual.com to learn more.