Google Chrome

Re: Google Chrome

Article on TheRegister as well as blathering about it on /. Apparently they based it upon old code from Safari and it's vulnerable to a 'carpetbombing' attack.

There's also talk about the EULA being overly extensive.

Re: Google Chrome

I've messed around with it a bit. It's extremely fast on rendering. However I won't be using it for not only security issues as listed above but also....google stop designing your UI for pre-schoolers. We know that you try and focus on the average consumer who knows only as much as a pre-schooler when it comes to computers but come on, do you have to make it so apparent?

Re: Google Chrome

I downloaded and installed it this morning and promptly started banging my head against the wall when it wouldn't initialize. After further investigation I found out my antivirus (Symantec Endpoint Protection 11) and Chrome don't like each other. I had to use a "--no-sandbox" switch to get it to initialize.

It then launched fast but randomly started chewing up CPU cycles just by leaving it open (maybe further SEP 11 conflict?). I'll need to try it out on a different box that isn't running SEP to see. It seems to work with every web app I've attempted. What I don't like is that it initializes with two Chrome processes and will start a new Chrome process for each tab opened. It's a small thing but seems a little messy to me.

The IE 8 beta was also released but I won't even touch that. I don't mess with Beta's anymore unless I have to or it's for something good...like Diablo III. I know Chrome says it's a Beta but Google likes to use that term for everything (including Gmail). All things considered, I'll probably stick with Firefox and let Chrome mature.

Re: Google Chrome

Now that's just plain funny. Google, master of all Beta's, and you're gonna wait for it to mature? Has Google actually had anything come out of Beta?

Re: Google Chrome

I think their search engine out of beta. Try it out!
http://www.google.com/ ]:> (heh-heh)

Separate processes per tab makes sense. Combined with shared libraries to keep memory use lower that it might otherwise be, a separate process per tab might allow just one tab to crash without killing your whole browser.

Re: Google Chrome

I think the search engine just came out of beta about the same time I wrote that message. ;)

Re: Google Chrome

The multiprocess model has a number of nice properties:

• Every time you close a tab or navigate to a new page all the resources that page was using get "garbage collected". There's no need for advanced pooling memory allocators like Firefox 3 uses to prevent heap fragmentation.
  
• If you're on a page that triggers a browser bug, only that page crashes, not your whole browser.
  
• Have a quad core CPU? Open 4 web pages and you can use all 4 cores

Re: Google Chrome

Those are good points. Since most of my days are spent hunting down malware on the network, I like less processes because it means I have less to verify aren't being spoofed. I was looking at it from my work load perspective and not the browsers functionality. That's what I get for rambling on without fully researching.

Yeah, I guess I should clarify that I mean I'll wait for it to become "less green".

Re: Google Chrome

Re: the EULA

http://arstechnica.com/news.ars/post...change-it.html

Yeah, the URL pretty much says it all...

Re: Google Chrome

One not mentioned in your list is that the amusingly (to me) named "incognito" tab feature becomes even more secure. The feature allows a tab to have its own set of cookies, sessions, etc. and when the tab is closed, all traces of these are removed, regardless of what the general settings are configured for. Because that tab further runs as a separate process, the destruction of sensitive data is extended to the information in memory as well.

From the bits of playing I've done comparing firefox (v3) to chrome, chrome uses less memory on the whole, despite having multiple processes.

That said, there are a number of problems with chrome I've noticed, some of which have been posted on various mailing lists/forums. For me the biggest reason I don't use chrome as anything other than a plaything is that it stores passwords insecurely. I suspected this when I noticed there was not a method available to set a password, it was confirmed on a security mailing list a couple days later by someone more motivated than I discovering where exactly the passwords were stored (in plaintext as it turns out).

Something else I've noticed but haven't yet seen any information on (though admittedly I haven't gone searching for it either) is that chrome opens up an apparently random UDP port bound to localhost. I'm unsure why this is the case (I suspect possibly local DNS caching or such perhaps but haven't had time to poke at it as of yet).