Modern Chrome Architecture

• Browser process
  • Controls browser bar, address, etc.
• Renderer
  • Inside tab
• Plugin
  • Flash, etc.
• GPU process
  • GPU handles from multiple requests from multiple apps and draw in same surface
• Broker
  • Uses IPC clients in each renderer to make network requests

Principles of Secure Systems

• Defense in depth
• Least privilege
• Privilege separation
• Open design
  • Security not by obscurity
  • Kerckhoff’s principle
    • “a crypto system should be secure even if everything about the system is known, except for the [private] key”
• Keeping it simple

Web Security

• Browser security model
• XSS and CSRF
• HTTPS
• Content security policies
• Session management and user auth