18

I was amazed that IE 8, Safari, Firefox were hacked so fast at Pwn2Own 2010. Is Chrome really so good or was it not tested?

Does anyone have other results from independent investigations of web browser security? Is there a list of "problems" or weaknesses by browser type?

kalina
garik
  • Doesn't exactly answer the question, but some good info on Google Chrome security here http://portal.acm.org/citation.cfm?id=1536634 – Graphics Noob Nov 12 '10 at 05:59
  • http://s17.postimg.org/5en7e3333/censorship.png - The original deleted answer, posted for reference for anyone interested. – Placeholder Feb 06 '15 at 10:13
  • I don't get what you're saying, little dinosaur. What is being censored? All of those features are not big privacy issues, and they are not security issues at all. – forest Apr 05 '16 at 10:19

5 Answers

18

Many bugs/vulnerabilities have been found in Chrome, but, as user Arda Xi has said - Chrome's security heavily relies on sandboxing. So, that's why there are no live known exploits - it is nearly impossible to exploit those vulnerabilities. You can read more about Google Chrome's sandboxing here:

http://blog.azimuthsecurity.com/2010/05/chrome-sandbox-part-1-of-3-overview.html.

Rory Alsop
  • 10
    This is not quite right. Sandboxing does not prevent exploiting vulnerabilities; it reduces the damage that exploits can do (which is good), but does not eliminate them. To be clear, sandboxing is a good thing, but it's not a magic bullet. – D.W. Jan 12 '11 at 02:30
  • 2
    There is a difference between the meaning of "prevents" and "nearly impossible". –  Jan 12 '11 at 10:40
  • But, code can escape out of sandboxes too, right ? – FirstName LastName Jan 13 '13 at 04:36
  • @FirstNameLastName Yes, but that would require an additional/different vulnerability of the sandbox. The main issue is that no additional security is provided within the sandbox (by sandboxing) - which might be a problem for applications running within it. – Karl Hardr Oct 25 '14 at 20:41
5

Note that the Chrome browser, which is developed by Google, "phones home". When your understanding of security includes not wanting to share your surfing behavior and the like, stay away. Chrome is insecure when it comes to your online privacy.

Google provides some ways to opt-out of most of their "implementations", "online apps" and "features"... but not all! In the end, you will have to remind yourself who provides the browsing client FOR FREE and why there's no price-tag to it.

My quote of the day: Security starts with watching your privates!

5

Google Chrome has been "hacked"; here is a POC of an exploit that manages to bypass the sandbox: VUPEN_Pwning_Chrome

btw - the exploit is private, and as far as we know the latest version of Chrome is still vulnerable to this code execution method.

YSY
2

The reason that Chrome was not even tested was because of the sandboxing that Google applied to the browser. So even if someone managed to get access to the browser itself, it could only access that process and nothing else, making an attack quite pointless.

Arda Xi
  • 2
    Note that none of this is relevant to the pwn2own contest. The only thing you need to show to win pwn2own is code execution. Breaking out of the sandbox (if one exists) is not required to win. – Larry Osterman Nov 21 '10 at 08:06
  • @Larry Code execution does require you to break out of a sandbox, doesn't it? That's exactly what it's there for. – Arda Xi Nov 21 '10 at 09:37
  • your answer is not correct. The sandbox does not make attacks "quite pointless". A successful exploit of a vulnerability in Chrome could still cause quite a bit of damage; see, e.g., [here](http://lackingrhoticity.blogspot.com/2010/12/chrome-sandbox-common-misconception.html). What sandboxing does is reduce the likelihood of a catastrophic security breach. It does not eliminate the chance of a catastrophic security breach, and it does not prevent exploitation of vulnerabilities. – D.W. Jan 12 '11 at 02:31
  • @DW That's not true. First of all, I did not claim that this was why Chrome was secure, just that it was why it was not tested. Also, that blog seems to assume that multiple domains can be assigned to the same rendering process. This is not true. – Arda Xi Jan 12 '11 at 05:42
-4

I am not sure about Safari on OS X, but IE8 is tied to the Windows operating system, so hackers can get access to the OS if they successfully hack the browser and its plugins. Chrome is different because it is not tied to the OS and uses a sandbox.

Mohamed
  • Actually, IE8 usually runs in Protected Mode, so there is very little it can actually do in the OS, no matter what was hacked - even the browser itself is restricted. Chrome has an inherent difference, because it is sandboxed BY the OS (using ClickOnce mechanism). – AviD Nov 18 '10 at 21:29
  • Actually Chrome has a very similar sandbox to that of IE, and they add a few features beyond IE's. – Larry Osterman Nov 21 '10 at 08:07
  • @Larry, the *results* of the sandbox are similar, but the *mechanism* is very different. As far as the OS goes, IE uses Integrity Levels (if on Vista/7), whereas Chrome uses ClickOnce installation. Come to think of it, I'm pretty sure that ClickOnce also uses Integrity Levels, albeit indirectly - but it also has additional sandboxing features. – AviD Nov 21 '10 at 10:57
  • 2
    Heh, but I'm not gonna lecture to Larry Osterman on the internals of Windows security :D. Cool to see you here... Oo, can you also get some of the SWI guys to stop by? Some more ["rock stars"](http://blog.stackoverflow.com/2010/08/a-recipe-to-promote-your-site/) could really help push the site... – AviD Nov 21 '10 at 11:04
  • The google chrome paper: http://blog.chromium.org/2008/10/new-approach-to-browser-security-google.html talks about their sandbox. As far as I know, chrome is native code and thus the clickonce sandbox doesn't apply. – Larry Osterman Nov 21 '10 at 17:52