The Null Device
Posts matching tags 'chrome'
Recently, the annual Pwn2Own contest took place; in it, participants try to take over a computer by exploiting security holes in a web browser, and capture the flag (in this case, a file on the computer's hard drive). This year, all the browsers but one fell; Firefox 3.6.2 (though it's not clear whether NoScript would have mitigated this), IE8 and Safari all fell; one of the hackers even pwned an (un-jailbroken) iPhone and made off with the SMS database. The one browser that remained standing: Google Chrome, not because it's bug-free, but because the sandbox mechanism makes exploiting bugs impractical:
"There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox."
WIRED has a piece by Steven Levy looking behind the scenes of Google's Chrome web browser project:
Speed may be Chrome's most significant advance. When you improve things by an order of magnitude, you haven't made something better — you've made something new. "As soon as developers get the taste for this kind of speed, they'll start doing more amazing new Web applications and be more creative in doing them," Bak says. Google hopes to kick-start a new generation of Web-based applications that will truly make Microsoft's worst nightmare a reality: The browser will become the equivalent of an operating system.
Google also brought in reinforcements to implement the multiprocess architecture that allowed each open tab to run like a separate, self-contained program. In May 2007, it acquired GreenBorder Technologies, a software security firm whose technology was designed to isolate IE and Firefox activities into virtual sessions, or "sandboxes," where malware intrusions couldn't mess with other activities or data on your computer. When the deal was announced publicly, tech pundits wondered whether it meant that Google was going into the antivirus business. Only after the acquisition did GreenBorder's engineers learn that their job was to construct sandboxes for the tabs of a new browser. "It was confusing," says Carlos Pizano, one of the GreenBorder hires. "They would not say what they wanted to sandbox."Meanwhile, the Chrome beta's licensing agreement apparently gives Google rights to use anything you create using it for promoting its services. This alarming clause appears, however, to be the result of an oversight; the licensing terms appear to have been copied from Google's web applications, and make little sense for a BSD-licensed open-source web browser (after all, anyone who doesn't like the EULA could produce an EULA-free though otherwise identical version of the browser merely by recompiling it from the source).
That's all the detail that seems to exist so far. There is a possibility that it's just an elaborate feint; Google could, in theory, have paid McCloud some huge sum to draw a comic to specification, peppered with technical versimilitude, purely in order to send Microsoft/Apple/Yahoo!/whoever's development teams on a wild goose chase. Though I suspect that there is an actual product there. For one, Google are known to use WebKit on Android. More importantly, though, a browser designed as a web application operating system (with the expectations of performance and stability that implies), rather than an information viewer with programmability grafted on as an afterthought (as is the case with current browsers), would line up rather nicely with Google's strategy to make the web into a first-class application platform.
There are no details on what platforms Chrome will run; it is open-source (and other projects, or those willing to fork those, will probably have a field day with this), and the comic does mention Windows in one place, so presumably a Windows version is planned. I'm guessing that Google aren't doing this to help Microsoft sell Windows licences, though, so presumably this is not the only version planned. A Linux desktop version, running on top of X, is probably likely. Another possibility is it running over something lighter than the average Linux desktop, making a robust web-browsing appliance on which the browser meets the conventional definitions of an operating system; either Android or some other lightweight OS.
The other option, of course, is that this is an elaborate hoax, akin to the Photoshopped "spy photos" of new Apple Mac tablets and other fantastic gear that are a regular feature of gadget blogs. The fact that Google's Chrome page doesn't yet exist (at time of writing) does suggest this possibility. Though this would imply that the hoaxers had an enormous amount of time on their hands, excellent comic drawing skills and an uncanny mastery of the drawing style of Scott McCloud.
Update: Google have confirmed Chrome. It's initially a Windows product (presumably to win market share before IE8 comes along and shuts off Google's oxygen with its advertising cookie blocker), though Mac and Linux versions are in the works. The Windows version will apparently be out tomorrow.