[cap-talk] Google Chrome Interview

Toby Murray toby.murray at comlab.ox.ac.uk
Sun Apr 19 07:00:32 EDT 2009

There's an interesting interview with some of the guys familiar with the
Google Chrome security architecture at:

In it, they make specific reference to capability-security ideas that
were borrowed in the Chrome sandbox design.

Quoting from that interview:

> To secure file uploads, we borrowed a trick from the capability
> literature. The browser kernel displays the file picker dialog and
> keeps track of which files the user has picked. Later, when the
> rendering engine asks to upload a file, the browser kernel checks to
> make sure the user actually picked that file for upload. Without this
> check, a compromised rendering engine would be able to read arbitrary
> files by uploading them to attacker.com.
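
The check described in the quoted interview, sketched as an added example that is not part of the original post or of Chrome's code. `BrowserKernel`, its method names, the per-renderer grant table and the sample files are assumptions made for illustration.

```python
import os
import tempfile


class BrowserKernel:
    """Trusted side: owns file access and the file picker dialog."""

    def __init__(self):
        self._picked = {}  # renderer id -> set of canonical paths the user chose

    def user_picks_file(self, renderer_id, path):
        # Stands in for the kernel-drawn picker dialog: only a real user
        # choice reaches this method, never a message from the renderer.
        self._picked.setdefault(renderer_id, set()).add(os.path.realpath(path))

    def read_for_upload(self, renderer_id, requested_path):
        # Called on behalf of the untrusted renderer. Canonicalise first so
        # "../" segments or symlinks cannot alias a file the user never chose.
        canonical = os.path.realpath(requested_path)
        if canonical not in self._picked.get(renderer_id, set()):
            raise PermissionError(f"renderer {renderer_id}: file was not picked by the user")
        with open(canonical, "rb") as fh:
            return fh.read()


def demo():
    """Constructed scenario: one picked file, one private file, two renderers."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        picked = os.path.join(d, "holiday.jpg")
        private = os.path.join(d, "private.key")
        for p, data in ((picked, b"jpeg-bytes"), (private, b"secret")):
            with open(p, "wb") as fh:
                fh.write(data)
        kernel = BrowserKernel()
        kernel.user_picks_file("renderer-1", picked)
        results["picked"] = kernel.read_for_upload("renderer-1", picked)
        attempts = {
            "unpicked": ("renderer-1", private),
            "traversal": ("renderer-1", os.path.join(d, "sub", "..", "private.key")),
            "other_renderer": ("renderer-2", picked),
        }
        for name, (rid, path) in attempts.items():
            try:
                kernel.read_for_upload(rid, path)
                results[name] = "allowed"
            except PermissionError:
                results[name] = "denied"
    return results
```

Calling `demo()` returns the picked file's bytes for the granted request and `"denied"` for the unpicked file, the `..` alias of it, and the second renderer.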

