Date Added: Apr 2009
Most current web browsers employ a monolithic architecture that combines "The User" and "The Web" into a single protection domain. An attacker who exploits an arbitrary code execution vulnerability in such a browser can steal sensitive files or install malware. This paper presents the security architecture of Chromium, the open-source browser upon which Google Chrome is built. Chromium has two modules in separate protection domains: a browser kernel, which interacts with the operating system, and a rendering engine, which runs with restricted privileges in a sandbox. This architecture helps mitigate high-severity attacks without sacrificing compatibility with existing web sites. The paper defines a threat model for browser exploits and evaluates how the architecture would have mitigated past vulnerabilities.