Secure Architecture
One of our core security principles is, "Design for defense in depth." Some of the things we've done or are working on to live up to this principle include:
Background
Sandboxing
Platform-specific sandboxing
- Chrome on Windows (sandbox) design and implementation and the Sandboxing FAQ (mostly Windows-specific)
- Chrome on Linux and Chrome OS (sandbox) overview (including the most current seccomp-bpf layer)
- bpf_dsl presentation (Sep 2014)
- Chrome on OSX (sandbox) overview and the second-layer bootstrap sandbox
Plugin sandboxing
Site Isolation
We're currently working on using Chrome's sandbox to isolate websites from each other via the Site Isolation project, which will help to mitigate cross-site information leaks (among other threats) in the presence of a vulnerability in the renderer process.
Anti-Exploitation Technologies and Tactics
- We use industry best practices: ASLR, DEP, JIT hardening, and SafeSEH.
- We block out-of-date or unpopular plugins by default and support work toward NPAPI deprecation.
- We implement memory hardening features, like Binding Integrity.