Layered security in Google Chrome browser

Google's Chrome web-browser restricts privileges and stops access to ‘bad’ sites in what the company claims is a layered approach to security.

During the official beta launch of the company’s inaugural open source browser on Tuesday Google executives said a combination of control mechanisms will ensure browser safety.

“Security typically tends to work in multiple levels,” said Sundar Pichai, VP Product Management at Google via webcast from California to Sydney. “You want a layered security model so if the first [layer] fails, you fall back to the second [layer] and so on; that’s the way we’ve approached security in Chrome.”

Chrome has adopted tab browsing and in its version each tab uses its own processer, so what happens on one tab is not supposed to affect the rest. Chrome’s ‘sandboxing’ also strips away privileges and a program’s capability to write to a hardrive, claimed Google.

Google has admitted that some third party plug-ins render at higher privileges than what Chrome allows and therefore can not yet be sandboxed. According to Google, Plug-ins are rendered in a different processer altogether.

Chrome’s beta version launched on Wednesday in more than 40 languages around the world. Additional security layers include a warning service that alerts users when they come across a site containing malware and phishing sites, using blacklists.

“First of all we try to prevent the user from going to a bad site. We have anti-phishing and anti-malware block listing so if you try to go to a wrong site where we believe you could be compromised we throw a warning and say please don’t go there.

“[Additionally] if the user still bypasses this warning and downloads something, we contain it. We contain it so that if you later close the tab it goes away and can not be read or written to the rest of the system,” said Pichai via webcast.

Lloyd Borrett, marketing manager at internet security company AVG praised Google's attempt to improve browswe security through black lists.

“However, the real problem is that the black list approach is a bit too slow to protect against transient web threats,"said Borrett. Often they’re gone before they’re recorded on the blacklists and so by the time they get on the black lists they’re not a problem anymore.”