|
|
|
|
|
|
by 7952
4507 days ago
|
|
|
One of the main selling points of Chrome apps was a belief that they are safer than native apps. But on a lot of computers now the vast majority of sensitive information is held in browser sessions, not in the My Documents folder. Running code in a sand-boxed browser session with full permissions could be far more profitable for an attacker than running arbitrary code on the OS. The only way to maintain security is to control access to the particular ecosystem within which data exists (in the way Facebook does). At the moment Google are trying to control an ecosystem that includes everything the user does, which is impossible to secure in its entirety. |
|
|