Browser Security

Charles Reis, Adam Barth, Carlos Pizano
2009 Queue  
The Web has become one of the primary ways people interact with their computers, connecting people with a diverse landscape of content, services, and applications. Users can find new and interesting content on the Web easily, but this presents a security challenge: malicious Web-site operators can attack users through their Web browsers. Browsers face the challenge of keeping their users safe while providing a rich platform for Web applications. Browsers are an appealing target for attackers
more » ... ause they have a large and complex trusted computing base with a wide network-visible interface. Historically, every browser at some point has contained a bug that let a malicious Web-site operator circumvent the browser's security policy and compromise the user's computer. Even after these vulnerabilities are patched, many users continue to run older, vulnerable versions. 5 When these users visit malicious Web sites, they run the risk of having their computers compromised. Generally speaking, the danger posed to users comes from three factors, and browser vendors can help keep their users safe by addressing each of these factors: • The severity of vulnerabilities. By sandboxing their rendering engine, browsers can reduce the severity of vulnerabilities. Sandboxes limit the damage that can be caused by an attacker who exploits a vulnerability in the rendering engine. CARLOS PIZANO is a senior software engineer at Google working on the Google Chrome Web browser. He has an M.S. degree in computer engineering from the University of New Mexico and a B.S. in electrical engineering from Universidad Javeriana. His work focuses on security and sandboxing for Internet-facing applications.
doi:10.1145/1551644.1556050 fatcat:66ik7eg7hzaqdll7xa5olcgkrq