Play all

Intro

Disclaimers

Chrome's Core Principles

Chrome Security Team

Browser Security?

Top Threats on the Web

Browser Exploits Malicious code that aims to achieve remote code execution on victim's computer by exploiting a security bug in the browser.

Counterthreat Step 1: Find and fix security bugs. Update users.

Find Bugs via Fuzzing

Pay for Bugs

Pay for Exploits

Fix Bugs, Update Users. Fast.

Defense in Depth

Process Sandboxing

Plugin Sandboxing

Plugin Blocking

Phishing & Malware Sites Get a user to visit or load a malicious website that either (a) phishes their personal data or (b) delivers some malicious payload leg malware .

Block Badness

Find Badness

Notify of Badness

Attacks to SSL Violate the security and privacy guarantees of SSL to steal user information

Gimme some SSL!

SSL Protocol Handshake

Man-in-the-Middle Attack

Certificate Pinning Chrome comes preloaded with the certificates it expects to see for Google-owned websites, and if it does not see one of those when it visits a Google owned website, it shows an er…

Certificate Pinning FTW!

HTTP Strict Transport Security

HSTS Whitelisted Services

Closing Thoughts Browser security matters. It should be a factor in choosing the software you use.

Questions? Complaints?

Description:

Explore Chrome's security features and strategies in this 41-minute conference talk from Strange Loop 2013. Dive into the browser's core principles of speed, simplicity, and security as Google's "Security Princess" Parisa Tabriz discusses current online threats and Chrome's protective measures. Learn about the Chrome security team's philosophies, successes, and ongoing challenges in browser security. Discover how Chrome tackles top web threats, including browser exploits, phishing, malware, and SSL attacks. Gain insights into Chrome's multi-layered defense approach, featuring process sandboxing, plugin management, and certificate pinning. Understand the importance of browser security in today's digital landscape and how it should influence your software choices.

Chrome Security Secret Sauce

Strange Loop Conference

Add to list

#Conference Talks #Strange Loop Conference #Information Security (InfoSec) #Cybersecurity #Web Security #Online Privacy #Phishing #Browser Security #Malware Detection #Sandboxing

0:00 / 0:00