Saturday, April 16, 2011

Why Use Google Chrome


I had always been a fan of Google, right from day one, when I first came to experience the power of Google search. I started using their search engine, and with the introduction of GMail I was living my dream of having the best ever mail application, and that too free of cost, with tons of features like gigabytes of space, keyboard shortcuts, mail filtering, tagging/grouping and lots more.

With Google stepping into the browser market I was a bit doubtful about how it was going to compete with deep-rooted giants like Microsoft IE, Mozilla Firefox et al. But once I installed this application I was taken by storm after experiencing its performance and its robustness in terms of security and ease of use, though at first there were some hiccups which were straightened out in later releases. So, coming back to the title of this article, "Why Use Google Chrome", I would like to share what the security experts and the hacker community had to say about Google Chrome.

Most secure browser ever built: At first glance this might look like a marketing tag line, so let's see how Google Chrome earns that ranking. Google put up a $20,000 cash prize for a working Chrome exploit at PWN2OWN 2011, and as of this writing no one has claimed it. In the last two PWN2OWN contests at the CanSecWest conference, where security researchers from around the world compete to exploit vulnerabilities in Chrome, Firefox, Safari and Internet Explorer, the only browser to come out unscathed was Google Chrome, largely because of its sandboxing model. Here is what Charlie Miller (a security expert) had to say: "There are bugs in Chrome but they're very hard to exploit. I have a Chrome vulnerability right now but I don't know how to exploit it. It's really hard. They've got that sandbox model that's hard to get out of. With Chrome, it's a combination of things - you can't execute on the heap, the OS protections in Windows and the Sandbox." The browsers from Apple and Microsoft, by contrast, fell to the first shots fired at the contest; Safari was reportedly exploited in a matter of seconds. The most impressive hack was Stephen Fewer's, which chained three vulnerabilities to not only bypass ASLR (Address Space Layout Randomization) and DEP (Data Execution Prevention) but also escape Internet Explorer's Protected Mode, something not seen at PWN2OWN before.

So what's sandboxing: If the term is new to you, don't worry; it is a simple principle used in computer science to keep untrusted or untested code (a third-party component, or the content of a web page) from reading or altering core system components and configuration. The sandbox typically provides a tightly controlled set of resources for the program to run in, such as scratch space on disk and in memory, and denies everything else. In simple terms, it means assigning the least privilege, or just the privilege actually required, to each process involved in executing a task, so that a compromise of that process cannot affect the stability or integrity of the host system.

How Chrome sandboxing works: On Windows, Chrome implements sandboxing using the Windows security model itself, chiefly restricted process tokens (together with job objects and, on Vista and later, integrity levels). If you open a Chrome window you will find at least two chrome.exe entries under the Task Manager Processes tab even if you are browsing a single site (you will find more chrome.exe processes if you have plug-ins installed or several tabs open). You will also notice that all of them run under the username you logged in with, so you might be wondering how the policy of least privilege applies here, and why there are so many processes.

Traditionally, browsers put all the sites you browse into a single process, which means all web sites share the same address space. In that scenario, if you visit a hijacked site serving malware, an exploit against the browser can read and tamper with the sites open in your other tabs, and a memory corruption bug such as a buffer overflow lets it run code with your full user privileges, including access to the files on your disk and more. Also, if any one tab crashes, the entire browser hangs or comes down with it, taking any unsaved data along; this will not be news to anyone who has been using browsers like IE and Firefox.

So let's explore how the Chrome security model works. For this you need Process Explorer (from Sysinternals) to see how the sandboxing works, i.e. how process tokens are assigned. Open Chrome and browse to www.google.com, then start procexp.exe; here you will find two chrome.exe processes listed (more if you have plug-ins installed). The chrome.exe processes are laid out hierarchically, with a parent chrome.exe listed above a child chrome.exe, as shown below.

[Screenshot: Process Explorer showing the parent chrome.exe and its child chrome.exe]

What you see here is Chrome's sandboxing model in action, which relies on protection provided by Windows. The sandbox operates at process-level granularity: anything that needs to be sandboxed has to live in a separate process. The minimal sandbox configuration has two processes: a privileged controller known as the broker process, and one or more sandboxed processes known as target processes. In Chrome the broker is the browser process, and the targets are the renderer processes. In the screenshot above, the browser process is the parent chrome.exe, while the child chrome.exe is a target, i.e. the sandboxed process. The renderer (target) talks to the browser (broker) over Chromium's IPC channels. In addition, the sandbox has its own low-level IPC channel (separate from Chromium's IPC) which is used to transparently forward certain Windows API calls from the target to the broker, where they are checked against policy and, if allowed, performed on the target's behalf.
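The same hierarchy, and the two token facts the Security tab reveals, can be pulled from a script instead of read off the Process Explorer window. The PowerShell script below is an added example for this post, not code from Chromium, Google or Sysinternals. It assumes the executable is named chrome.exe and that every child process carries Chrome's --type= command-line switch (renderer, gpu-process, plugin and so on, with the browser process being the one started without it), and it calls the Win32 functions IsTokenRestricted and GetTokenInformation with the TokenIntegrityLevel class to report whether each process's token is restricted and at which integrity level it runs. PowerShell 3.0 or later on Windows is assumed.

```powershell
# Added example (not part of the original post or of Chromium): list every chrome.exe,
# label its role from the --type= switch on its command line, and read two token facts
# that Process Explorer shows on the Security tab: whether the token is restricted
# (carries restricting SIDs) and its integrity level (Vista and later only).
# Assumption: the browser binary is chrome.exe; override with -ExeName for other builds.
param([string]$ExeName = 'chrome.exe')

Add-Type -TypeDefinition @"
using System;
using System.Runtime.InteropServices;
public static class TokenNative {
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern IntPtr OpenProcess(uint access, bool inherit, int pid);
    [DllImport("kernel32.dll", SetLastError = true)]
    public static extern bool CloseHandle(IntPtr h);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool OpenProcessToken(IntPtr proc, uint access, out IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool IsTokenRestricted(IntPtr token);
    [DllImport("advapi32.dll", SetLastError = true)]
    public static extern bool GetTokenInformation(IntPtr token, int infoClass, IntPtr info, int len, out int needed);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthorityCount(IntPtr sid);
    [DllImport("advapi32.dll")]
    public static extern IntPtr GetSidSubAuthority(IntPtr sid, uint index);
}
"@

function Get-ChromeRole([string]$CommandLine) {
    # The browser (broker) process is the only chrome.exe started without a --type= switch.
    if ($CommandLine -match '--type=([^\s"]+)') { return $Matches[1] }   # renderer, gpu-process, plugin, ...
    return 'browser (broker)'
}

function Get-TokenFacts([int]$ProcId) {
    $facts = @{ Restricted = $null; Integrity = $null }
    $hProc = [TokenNative]::OpenProcess(0x0400, $false, $ProcId)        # PROCESS_QUERY_INFORMATION
    if ($hProc -eq [IntPtr]::Zero) { return $facts }                     # e.g. access denied: leave both blank
    $hTok = [IntPtr]::Zero
    if ([TokenNative]::OpenProcessToken($hProc, 0x0008, [ref]$hTok)) {   # TOKEN_QUERY
        $facts.Restricted = [TokenNative]::IsTokenRestricted($hTok)
        # TokenIntegrityLevel (class 25) fills a TOKEN_MANDATORY_LABEL whose first field is a PSID;
        # the SID's last sub-authority is the level: 0x1000 Low, 0x2000 Medium, 0x3000 High.
        $needed = 0
        [void][TokenNative]::GetTokenInformation($hTok, 25, [IntPtr]::Zero, 0, [ref]$needed)
        if ($needed -gt 0) {
            $buf = [Runtime.InteropServices.Marshal]::AllocHGlobal($needed)
            try {
                if ([TokenNative]::GetTokenInformation($hTok, 25, $buf, $needed, [ref]$needed)) {
                    $pSid  = [Runtime.InteropServices.Marshal]::ReadIntPtr($buf)
                    $count = [Runtime.InteropServices.Marshal]::ReadByte([TokenNative]::GetSidSubAuthorityCount($pSid))
                    $rid   = [Runtime.InteropServices.Marshal]::ReadInt32([TokenNative]::GetSidSubAuthority($pSid, [uint32]($count - 1)))
                    $facts.Integrity = switch ($rid) {
                        0x0000 { 'Untrusted' } 0x1000 { 'Low' }    0x2000 { 'Medium' }
                        0x3000 { 'High' }      0x4000 { 'System' } default { '0x{0:X}' -f $rid }
                    }
                }
            } finally { [Runtime.InteropServices.Marshal]::FreeHGlobal($buf) }
        }
        [void][TokenNative]::CloseHandle($hTok)
    }
    [void][TokenNative]::CloseHandle($hProc)
    return $facts
}

$procs = @(Get-CimInstance Win32_Process -Filter "Name = '$ExeName'")
if ($procs.Count -eq 0) { Write-Host "No $ExeName processes running."; return }
$byId = @{}
foreach ($p in $procs) { $byId[[int]$p.ProcessId] = $p }

$rows = foreach ($p in $procs) {
    $parent     = $byId[[int]$p.ParentProcessId]
    $parentRole = if ($parent) { Get-ChromeRole $parent.CommandLine } else { '(not chrome)' }
    $tok        = Get-TokenFacts ([int]$p.ProcessId)
    [pscustomobject]@{
        PID        = $p.ProcessId
        ParentPID  = $p.ParentProcessId
        Role       = Get-ChromeRole $p.CommandLine
        ParentRole = $parentRole
        Restricted = $tok.Restricted
        Integrity  = $tok.Integrity
    }
}
$rows | Sort-Object ParentPID, PID | Format-Table -AutoSize
```

Save it as a .ps1 file and run it while Chrome is open. On Vista or later with a Chrome of this vintage, the browser (broker) row reports Restricted False at Medium integrity while each renderer row reports Restricted True at Low integrity, which is the token state the next paragraph walks through in Process Explorer. A blank Restricted or Integrity column means the token could not be opened from your account. Note that the --type= label only tells you a child's role, not whether it is sandboxed (plug-in processes, for instance, are not all sandboxed), so the Restricted column is the one that actually answers the question.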

Now let's look at the security token assigned to the renderer process: right-click the child chrome.exe, select Properties and open the Security tab. You will see that every user and group SID in the token is flagged deny-only (usable only to deny access, never to grant it), that the token's privileges have been removed, and that the single restricting SID is the NULL SID (S-1-0-0, a SID that matches no real principal). An access check against a restricted token must succeed against both the normal SID list and the restricting SID list, so a token restricted to the NULL SID is denied practically every securable object on the system. This is what takes away the renderer's ability to touch your files, registry and other resources.
         
When you type a URL into Chrome's address bar, the request is handled by the browser process (the address bar is part of the browser's own UI, not of any renderer), which fetches the page from the web server. The data received is passed over the IPC channel to a renderer process, which parses and draws the page using the WebKit engine. Any further resources the page needs (images, scripts, stylesheets) are requested by the renderer over IPC and fetched by the browser process on its behalf, so the sandboxed renderer never opens a network connection of its own.

If you are interested in knowing more about Chrome internals, the Chromium project's sandbox design documentation is worth reading.

To conclude, sandboxing is the principal mechanism Chrome uses to contain exploits, but it is not the only one. Chrome also has a phishing and malware filter (Safe Browsing) that checks the sites you visit against a list of known phishing and malware sites and warns you about the risk before the page is shown. Another extension worth installing is NotScripts, which adds a useful layer of defence by disabling scripting on sites you have not whitelisted; only after you whitelist a site you trust will its scripts be allowed to run in the browser.


Having said this, I believe no browser as of now is as robust as Chrome in taking security this seriously. IE has come up with its Protected Mode, but it still has a long way to go to catch up with Chrome's prowess in security, performance and responsiveness.


So, safe browsing with Google Chrome.
