[cap-talk] Google Chrome - web browser with sandboxed rendering
David-Sarah Hopwood
david.hopwood at industrial-designers.co.uk
Tue Sep 9 11:16:17 CDT 2008
Karp, Alan H wrote:
> Chrome opens Microsoft Office apps outside the renderer, so you have to be careful
> what you open. Polaris opens them in the restricted user account the browser is
> running in. At least in that regard, running your browser under Polaris is better
> than using Chrome.

True, but note that a Chrome sandbox [*] can have much tighter permissions
than a Polaris sandbox, precisely because it is only running new code with
no compatibility constraints. The approaches are complementary.

Unfortunately Polaris can't practically be integrated with other approaches
unless and until it is open-sourced. Any progress on that?

[*] I don't particularly like the term "sandbox", but
"restricted execution environment" is too verbose.
Would "compartment" be better?

--
David-Sarah Hopwood