Posted:
Sandboxing is a layer of security that Chrome places between an attacker and the user’s computer, aiming to isolate an attacker who has successfully exploited a vulnerability. When contained in a sandbox jail, an attacker will typically look for porous or fragile bits in the walls to throw rocks at. That is, he’ll try to gain additional privileges by taking advantage of other vulnerabilities. Our job is to make the virtual walls of the sandbox as strong and impenetrable as possible.

One juicy target for attackers is the operating system’s kernel: a large and complex code base. The latest stable version of Chrome introduces a new layer of sandboxing of Chrome renderers for the 64-bit versions of Chrome OS and Linux, based on a new kernel feature called seccomp-bpf. With seccomp-bpf we’ll install a small filter in the kernel that will quickly reject many of the rocks thrown by an attacker. A simple example: if we know that Chrome renderers don’t need a system call such as vmsplice, or a facility such as “inotify”, we can just deny them completely. We use a broker process model to keep the list of allowed system calls small.
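The following is an added example, not Chrome's sandbox code: a small seccomp-bpf filter of the kind the post describes, which denies vmsplice and inotify_init1 with EPERM, kills the process if the syscall arrives from a foreign architecture, and allows everything else. It assumes x86-64 and includes a tiny interpreter so the verdict for a syscall number can be checked without installing the filter.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>
#include <linux/audit.h>
#include <linux/filter.h>
#include <linux/seccomp.h>
#include <sys/prctl.h>
#include <sys/syscall.h>

/* Verdict for a denied call: the call fails with EPERM instead of running. */
#define DENY (SECCOMP_RET_ERRNO | (EPERM & SECCOMP_RET_DATA))

/* Constructed filter (not Chrome's): deny vmsplice and inotify_init1 with EPERM,
 * kill on a foreign architecture (assumes x86-64), allow every other syscall. */
static struct sock_filter deny_filter[] = {
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, arch)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, AUDIT_ARCH_X86_64, 1, 0),
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_KILL),
    BPF_STMT(BPF_LD | BPF_W | BPF_ABS, offsetof(struct seccomp_data, nr)),
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_vmsplice, 2, 0),      /* -> DENY */
    BPF_JUMP(BPF_JMP | BPF_JEQ | BPF_K, __NR_inotify_init1, 1, 0), /* -> DENY */
    BPF_STMT(BPF_RET | BPF_K, SECCOMP_RET_ALLOW),
    BPF_STMT(BPF_RET | BPF_K, DENY),
};
#define FILTER_LEN (sizeof deny_filter / sizeof deny_filter[0])

/* Tiny interpreter for the three classic-BPF opcodes used above, so the
 * kernel's verdict for a syscall can be inspected without installing it. */
unsigned int filter_verdict(unsigned int arch, int nr) {
    struct seccomp_data d = { .nr = nr, .arch = arch };
    unsigned int acc = 0;
    for (size_t pc = 0; pc < FILTER_LEN; pc++) {
        const struct sock_filter *in = &deny_filter[pc];
        if (in->code == (BPF_LD | BPF_W | BPF_ABS))
            memcpy(&acc, (const char *)&d + in->k, sizeof acc);
        else if (in->code == (BPF_JMP | BPF_JEQ | BPF_K))
            pc += (acc == in->k) ? in->jt : in->jf;
        else if (in->code == (BPF_RET | BPF_K))
            return in->k;
    }
    return SECCOMP_RET_KILL; /* not reached: every path ends in a RET */
}

/* Install the filter in the kernel for this process and its children.
 * PR_SET_NO_NEW_PRIVS stops setuid binaries from escaping the filter. */
int install_filter(void) {
    struct sock_fprog prog = { .len = FILTER_LEN, .filter = deny_filter };
    if (prctl(PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) != 0) return -1;
    return prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, &prog);
}
```

Once install_filter() has run, a call to inotify_init1() in that process returns -1 with errno set to EPERM, while unrelated calls such as getpid() proceed normally.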

Installing this filter in the kernel improves the security of our users. But it is just the beginning: using this new facility, we’ll continue to make the sandbox safer.

This new sandbox layer is automatically baked into the latest version of Chrome OS. On Linux, you can check by going to chrome://sandbox and looking for “Seccomp-BPF sandbox Yes”. If this is not available, ask your Linux distribution to include and enable seccomp-bpf in its kernel, as Ubuntu has done since version 12.04.


As always, you can report bugs and issues here, by clicking on “New issue”.

Posted:
Google Chrome for Linux is finally ready for beta. Like the Windows version, it's fast, secure, stable, simple, extensible, and embraces open standards like HTML5.

But bringing Google Chrome to Linux wasn't just a straight port -- it was a labor of love. Google Chrome works well with both Gnome and KDE, and is updated via the normal system package manager. It has also been developed as a true open source project, using public mailing lists, IRC channels, bug tracker, code repository, and continuous build and test farm -- following in large part the trail blazed by Mozilla. Where we noticed problems in system libraries, we pushed fixes upstream and filed bugs. This open approach to development seems to be working: so far, about 50 developers outside Google have contributed code (for instance, thanks to Ibrar and Paweł for our FTP stack), and several Linux distributions even maintain preliminary open source builds of Google Chromium.

In short, we really love Google Chrome for Linux, and we think you will, too. Please try it and let us know what you think.

(One more thing: if you've already installed the dev channel version, you may need to uninstall that before installing the beta version -- we tried to make that work smoothly, but a few rough edges remain.)