by tptacek
6301 days ago
Chrome is process-per-tab; there's architecturally almost no shared state between two different render contexts. Contrast that with Firefox, where there's an application-layer permeable membrane connecting content-driven code to browser core state.
The feature of Chrome and IE Protected Mode that protects against local exploits is basically the same. There is a "main" process that has access to the local system (files, registry, other processes). And, there are some "sandboxed" processes that do not have access to the local system except for a communication channel to the main process. Any time these browsers interpret some input from the internet, they do so only in the sandboxed processes. The only way a sandboxed process can access local resources is by asking the main process to give it the local resource through the communication channel. The main process asks the user to approve the request before accessing the local resource on behalf of the sandboxed process. As long as the main process implements its side of this communication channel correctly, there is no way for malicious web content to break out of the sandbox. That is the case whether there is one tab per process or more than one tab per process.
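As an added illustration (not part of the thread and not Chrome's or IE's own code), a toy Python model of the broker/sandbox split the comment describes: the sandboxed side holds no handle to local state and can only send request messages over a channel, and the main process validates each message, applies a path policy and asks for approval before serving it. `LOCAL_FILES`, `Broker`, the allowed-directory policy and the approval callback are constructed stand-ins.

```python
import os
from dataclasses import dataclass, field
from typing import Callable

# Constructed stand-in for the local system that only the main process may touch.
LOCAL_FILES = {
    "/home/user/Downloads/report.pdf": b"%PDF-1.4 constructed sample",
    "/home/user/.ssh/id_ed25519": b"constructed private key, must stay unreachable",
}


@dataclass
class Broker:
    """Main process: holds the only handle to LOCAL_FILES and brokers requests."""
    approve: Callable[[str], bool]                    # stands in for the user prompt
    allowed_dirs: tuple = ("/home/user/Downloads",)   # policy for what may be requested at all
    log: list = field(default_factory=list)

    def handle(self, request: dict) -> dict:
        """Validate one message from the sandbox; nothing in it is trusted."""
        if request.get("op") != "read_file" or not isinstance(request.get("path"), str):
            return {"ok": False, "error": "malformed request"}
        # Canonicalise first so '..' segments cannot widen the policy check.
        path = os.path.normpath(request["path"])
        if not any(path.startswith(d + "/") for d in self.allowed_dirs):
            self.log.append(f"denied by policy: {path}")
            return {"ok": False, "error": "outside allowed directories"}
        if not self.approve(path):
            self.log.append(f"denied by user: {path}")
            return {"ok": False, "error": "user declined"}
        if path not in LOCAL_FILES:
            return {"ok": False, "error": "not found"}
        return {"ok": True, "data": LOCAL_FILES[path]}


def sandboxed_renderer(channel: Callable[[dict], dict], untrusted_path: str) -> dict:
    """Sandboxed process: no LOCAL_FILES handle, only the channel to the broker."""
    return channel({"op": "read_file", "path": untrusted_path})


def demo() -> dict:
    """Run three requests through the broker; the traversal and the declined one fail."""
    broker = Broker(approve=lambda p: p.endswith("report.pdf"))
    return {
        "approved": sandboxed_renderer(broker.handle, "/home/user/Downloads/report.pdf"),
        "traversal": sandboxed_renderer(broker.handle, "/home/user/Downloads/../.ssh/id_ed25519"),
        "declined": sandboxed_renderer(broker.handle, "/home/user/Downloads/other.pdf"),
    }
```

The trust boundary is entirely the broker's `handle`: the renderer's request dict is the only input it accepts, so every check (shape, canonical path, policy, approval) has to live there.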