Google in 2008: A new approach to browser security: the Chrome Sandbox
Google now: Sandboxing is expensive…Sandboxing doesn’t eliminate vulnerabilities from the code.
I wrote about the death of the sandbox:
securityweek.com/cost-sandboxin
9
60
146
Conversation
Replying to
I think the problem is the same as it was back to antirootkits and HIPS systems. Where it always providing good coverage vs known threats but coverage for the new attack vectors comes only after the first successful attack. Also, it's always a tradeoff with performance/usability.
1
4
If we hadn’t paid the price for it, and recognized the things they have help with where would we be? Once that mitigation’s and security measures have been overcome by attackers is easy to see the negative but what have they brought as value?
1
1
What if we had done something different/better 15 years ago? It's a useful discussion to have.
3
How would issues like Spectre be addressed without a strict per-site-instance sandbox?
Browsers could also be entirely written in Java, Rust, etc. and would still have serious issues with memory corruption unless they're going to go back to only having interpreted JavaScript...
3
Are they going to stop using JIT compiled JavaScript?
It's a lot harder to get rid of that once you have it. The modern web is built around the assumption of sophisticated JavaScript JIT compilation. How do they plan on making that at all safe beyond putting it in a sandbox?