The Security Architecture of the Chromium Browser
Web browsers must often handle untrusted or malicious code while protecting the user. However, most current browsers have a monolithic architecture that combines "the user" and "the web" into a single protection domain. In these browsers, an attacker who exploits an arbitrary code execution vulnerability can install malware or steal sensitive files from the user's computer. In this talk, I will discuss how the architecture used by the Chromium browser (from which Google Chrome is built) can help mitigate these high-severity attacks. Chromium has two modules in separate protection domains: a browser kernel, which interacts with the operating system, and a rendering engine, which runs with restricted privileges in a sandbox. I will show what types of attacks this architecture can help mitigate as well as what challenges it faces for addressing other threats.