Chromium‎ > ‎Chromium Security‎ > ‎

Security Brag Sheet

Our Team and Resources

  • Our team includes some of the best security professionals in the business.
  • We work closely with top researchers like Michal Zalewski (lcamtuf) and Tavis Ormandy (taviso).
  • We contract with experts like iSec Partners and Chris Rohlf for targeted assessments.
  • We dedicate thousands of CPU cores to fuzz projects such as WebKit, Adobe Flash or Chrome's PDF viewer.

White Papers

Containing Attacks

Vulnerability Response

Advanced Anti- Phishing and Malware defenses

High profile researchers and publications say nice things about us

  • A Fortune article's headline subtext: "Google's record on Chrome browser security is impressive, and that is important."
  • An interview with Dino Dai Zovi and Charlie Miller: "I recommend that users surf the web with Google Chrome, disable unnecessary plug-ins, and use site-based plug-in security settings for the plug-ins that they do need."
  • An article noting Chrome's unique 3-years-in-a-row survival at the Pwn2Own competition: "the browser will have survived three consecutive Pwn2Owns, a record."
  • An article noting our agility and fast security updates: "Google has once again reacted faster than Adobe itself"
  • A more mainstream publication interviews HD Moore, who calls Chrome the toughest browser: "Chrome was likely the most difficult target due to the extensive sandboxing."
  • An article in the very mainstream Washington Post notes that whilst other browsers are starting to chase Chrome's speed, Chrome is still the choice of the security conscious: "Both IE 9 and Firefox 4 look like major, welcome advances. But each falls short of Chrome in one key aspect: security."
  • A TIME article's headline includes: "Google Stays Strong"
  • An interesting interview with John Wilandar and Chaouki Bekrar (VUPEN CEO). The interview is nominally about Firefox 4 but includes quotes such as "I'd say Chrome's sandboxing model still beats all the other browsers from an end user perspective.", "At VUPEN, we measure the security of web browsers not by counting the number of their vulnerabilities, but by counting the number of days, weeks, or months that the vendor is taking to fix vulnerabilities affecting their browsers... Today, Google is fixing Chrome vulnerabilities much faster than any other vendor – usually one or two security updates each month. Microsoft, Mozilla, and Apple are are usually releasing security updates for their browsers every 3 months, which is too long.", "Relying on third-party auditor through reward and bounty programs is the most effective way to improve the security of browsers".