Ultimately, Google Chrome is another browser to in your environment that will need to be secured. There has already been a raft of vulnerabilities in Google Chrome, which could potentially lead to denials of service, carpet-bombing attacks, or the ability to download and execute Java programs. Chrome, after all, is still a piece of software that is written by humans, which makes it subject to human error.
I also believe that complexity is the enemy of security. Adding another browser to a corporate environment increases the number of applications that attackers can target. Given that the browser will be another application that needs to be protected, the decision to allow its use should not be taken lightly.
How, then, can it enhance overall browser security? Google is trying new approaches to security. For instance, Google Chrome has two different blacklists for the phishing and malware sites that it interacts with. While I am not a fan of blacklists, I do like that the browser's creators are at least thinking about ways to defend a user from these attacks.
Also, Google Chrome has the ability to "sandbox" tabs. In essence, it restricts all tabs to their own processes, which prevents malware from being installed on the system or attacking other pages the user may have opened. The feature also drops the permissions of the browser as it is running. This is an interesting approach to browser security, but it is limited because some applications like Flash need higher-level permissions.
These and other innovations will ideally force developers of other browsers to start competing with Chrome's security features.
This was first published in January 2009