  1. Google Chrome Hacked

    Via Hacker News. Google Chrome Pwned by VUPEN aka Sandbox/ASLR/DEP Bypass.

    While Chrome has one of the most secure sandboxes and has always survived the Pwn2Own contest during the last three years, we have now uncovered a reliable way to execute arbitrary code on any installation of Chrome despite its sandbox, ASLR and DEP.

    I would hope an update to fix the exploit would be released soon, although sandboxing has already proved to be insecure, which makes future exploits easier. Meanwhile, I'm going back to browsing by telnet hostname 80.

  2. Google Chrome - First Impression

    I said I was going to download Google Chrome first thing in the morning, didn't I? Well, I had a hectic morning trying to get to Tech.Ed on time so I did not manage to download the freshly baked Google Chrome Beta, but then I still managed to get it up and running after I came back in the evening. The download was small -- less than 500kb, which almost fooled me into thinking that Chrome is smaller than w3m! Then the installer launched and downloaded the rest. Oh well.

    I was quick to get it up and running, and it takes network/proxy settings from Internet Explorer, but offers to import bookmarks, passwords and history from Firefox.

    Google Chrome displaying Scott's Playground

    I have been running it for the last 30 minutes. Here are some first impressions.

    • Fast. Really fast. WebKit is Fast. V8 is FAST. The whole Internet speeds up. Woohoo!
    • It did not import my passwords from Firefox correctly because I have a master password on.
    • Element and resource inspector is pretty cool. Not as good as Firebug, but better than the vanilla DOM inspector.
    • There's no status bar. When you hover over a link, the URL just pops up at the lower-left-hand corner.
    • Lack of a title bar is annoying, because you can't easily see the full title (well, you can only when you hover over the tab and the full title comes up in a tool tip).
    • Crashed twice on me; I had to go to Task Manager to kill all chrome.exe. While the offending tab crashes (which happens to be Gmail, how ironic), the entire Chrome window + other tabs become unresponsive.

    Lack of plugins also means it might not be as useful for developers, but for general browsing it beats Firefox hands down in terms of speed and responsiveness. Like most Google software it's still in beta -- and if it is like Gmail it would be in "beta" for possibly a few years -- so I might cut it some slack here. I might actually try to use it as my primary browser for the next week or two.

  3. Welcome Chrome, the Google Operating System

    Top news item at TechMeme today -- Google has revealed its own browser -- Google Chrome, via a comic adaptation by the artist Scott McCloud (ain't that presentation brilliant!)

    By browsing the 5-chapter comic book you basically learn that

    • Chrome is a new Open Source web browser developed by Google.
    • WebKit is used as the rendering engine.
    • Super-fast JIT JavaScript VM "V8" was developed in Denmark and will be used to power the next generation web applications.
    • Each browser tab will be in its own process (just like IE 8) so (1) memory gets properly cleaned by the OS after you close the tab (2) a crashed web page won't bring down the entire browser.
    • OmniBox will be more awesome than Firefox 3's AwesomeBar, with full Google integration.
    • New fast-opening home page with all the history tracking and favourite search terms, will hopefully replace about:blank.
    • Sandboxing each tab into individual processes not only provides stability, but also enhances security.
    • It's developer centric -- open source, open standard, HTML5, local storage via Gears.

    This comes as a surprise especially after Google has just renewed their deal with Mozilla until 2011. If Chrome is so much better (and indeed it would be, if what has been described is true), then why bother? Buying time before Chrome can take over the world?

    From my understanding Chrome is indeed more than just a browser competing against IE, Firefox, Opera or Safari. With its own process management and client-side enhancements like V8, Gears and HTML5, it is aiming to be the GUI of Google Operating System, the platform of future applications.

    It is also a major win for WebKit -- which is now the rendering engine for Apple Safari, iPhone, Adobe AIR, KDE Unity, Google Android and now Google Chrome. I am pretty sure there are more projects using WebKit, which arguably has a much better C++ code base than Gecko. And it's fast -- really really fast.

    Can't wait to download it tomorrow.