Information Security

Defending the digital infrastructure


Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is New Google Chromium OS a Security Game-Changer?

Google says Chromium's process isolation and sandbox security features harden the OS from attack.

Google's new cloud-based Chromium operating system, slated to debut in the second half of 2010, may not immediately change the way attacks are carried out, but if the OS is successful in gaining broad adoption, it could have a far-reaching impact in the way security is deployed, says a group of Web security experts.

Google announced in July that its engineers have been busy designing a lightweight operating system, built using the architecture of its Chrome browser on a modified Linux kernel. In a November press briefing, Google engineers praised the OS's ability to isolate processes, sandboxing them in a way that could make it more difficult for attackers to run malware undetected on a victim's machine. Chromium also uses encryption for any cached user data stored locally, but is also heavily cloud-based, with virtually all data and applications stored and running on Google servers.

While Google engineers are using a number of new techniques to harden the OS from external attacks, cybercriminals have consistently shown they are savvy enough to poke holes in even the most hardened code, say security experts.

"There will be new types of attacks and security issues that weren't prevalent before," says David Lindsay, a Washington, D.C.-based security consultant for application security vendor Cigital.

Google's process sandboxing works much like the way the Chrome browser functions. It has the ability to limit resources and even enable the browser to signal the user to terminate a process when it detects an anomaly such as a script using too many CPU resources. The Google engineers say they are researching ways to run specific driver processes in a sandbox to perform similar hardening.

Lindsay compares the Chromium OS to the introduction of JavaScript to the browser in 1995. Developers were able to create a much more dynamic Web experience, but it also increased the attack surface and made the certain types of injections much more severe. JavaScript is also designed to run in its own sandbox. The goal is to contain the damage, but ultimately attackers find ways to wreak havoc within the sandbox, Lindsay says.

"I think in the future the threat won't necessarily be from what attacks are escaping from the sandbox, but being able to look for what an attacker can do within the sandbox," Lindsay says. "The sandbox itself may allow more powerful types of attacks that you can't necessarily do right now in a Web application."

On the Web side, Chromium will boot quickly and launch Google's Chrome browser where all user activity will take place, opening Web applications in tabbed format. Both the operating system and the Chrome browser will contain the same auto-update feature, allowing Google to push out updates over SSL at the flip of a switch. Users won't have the ability to downgrade to a previous version.

"By moving the OS to the web, Google is gambling that the benefits of modern programming languages, , the ability to perform centralized security and protecting user's data in the cloud will outweigh the threats introduced by the Web," says Jacob West, a Web security researcher and security group manager at Fortify Software.

West says the OS could eventually centralize security around protecting a user's data in the cloud. With skyrocketing Web-based attacks targeting Web-facing applications on top of native OSes, Google Chrome shows potential in helping alleviate the threat of worms, malicious attachments and spyware.

But West says, "during my years in the security space I've yet to see a situation where putting something on the Web improved security. What I'm sure of is that if Google does succeed in gaining some market share, there's an Internet full of attackers out there who will find a way to put Chrome OS users in the crosshairs."

The new OS is slated to debut on a new crop of netbooks. Their tiny form factor, cheaper components and limited storage necessitate the need for a lightweight system and was an obvious place to begin, the Google engineers say.

Don't expect a dramatic change in the threat landscape, says Amit Klein, chief technology officer of browser security vendor Trusteer. Standard desktops and laptops still dominate the personal computing market and only if Chromium begins to make inroads in the mobile or enterprise markets will it begin to attract cybercriminals eager to cash in on a growing user base.

"This isn't to say no exploits will be found for it … I'm sure many security researchers are already looking at the code and I believe exploits will start popping up soon," Klein says.

The other potential avenue of attack is against Google's servers itself. Account credentials giving cybercriminals access to larger amounts of data stored in any cloud-based system can be a treasure trove for attackers.

"If cloud computing and Google OS catches on, we'll see more and more incidents of complete vicitm impersonation due to the shift to the cloud," Klein says. "I can envision a multi-phase, multi-platform attack wherein some set of credentials are stolen perhaps from a desktop PC, then cloud data is accessed and more personal data is compromised."

Despite Chromium's broad reliance on the cloud and its potential for new attack vectors, all the experts agree how much of a game changer the new OS will be is anyone's guess. Once machines running the Google OS are on store shelves, its impact on security may depend on whether consumers embrace it.

Robert Westervelt is news editor of Send comments on this article to

Article 1 of 6

Dig Deeper on Alternative operating system security

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.

Get More Information Security

Access to all of our back issues View All