Lessons from Google Chrome
Browsers are an appealing target for attackers because they have a large and complex trusted computing base with a wide network-visible interface. Historically, every browser at some point has contained a bug that let a malicious Web-site operator circumvent the browser’s security policy and compromise the user’s computer. Even after these vulnerabilities are patched, many users continue to run older, vulnerable versions.5 When these users visit malicious Web sites, they run the risk of having their computers compromised.
Generally speaking, the danger posed to users comes from three factors, and browser vendors can help keep their users safe by addressing each of these factors:
* The severity of vulnerabilities. By sandboxing their rendering engine, browsers can reduce the severity of vulnerabilities. Sandboxes limit the damage that can be caused by an attacker who exploits a vulnerability in the rendering engine.
* The window of vulnerability. Browsers can reduce this window by improving the user experience for installing browser updates, thus minimizing the number of users running old versions that lack security patches.
* The frequency of exposure. By warning users before they visit known malicious sites, browsers can reduce the frequency with which users interact with malicious content.