Google shares Chrome browser security principles

Google is sharing its Chrome security principles, a very useful document that helps users understand what’s under the browser’s hood.

Goals in designing Chrome’s security architecture were layer defenses, and avoiding single points of failure. Chrome’s sandbox architecture represents one of the most effective parts of this strategy. They also employ the best available anti-exploit technologies (such as ASLR, DEP, JIT hardening, and SafeSEH), along with custom technologies like Safe Browsing, out-of-date plug-in blocking, and silent auto-update. Google says that with this publication they do not want to downplay security impact, instead, they provide users and administrators with the information they need to accurately assess risk. They publicly disclose all vulnerabilities fixed in Chrome whether they are discovered internally or externally. Google says that no software is perfect, and security bugs slip through even the best development and review processes. That’s why they’re grateful for the work of the independent security research community in helping find and fix vulnerabilities. Computer users should always seek to reduce attack surface for attackers. Additional description can be found at ZDNet web site.