One of our core security principles is, "Design for defense in depth." Some of the things we've done or are working on to live up to this principle include:
- Chrome on Windows (sandbox) design and implementation and the Sandboxing FAQ (mostly Windows specific)
- Chrome on Linux and Chrome OS (sandbox), including the most current seccomp-bpf
- bpf_dsl presentation (Sep 2014)
- Chrome on OSX (sandbox) overview and the second-layer bootstrap sandbox
We're currently working on using Chrome's sandbox to isolate websites from each other via the Site Isolation project, which will help to mitigate cross-site information leaks (among other threats) in the presence of a vulnerability in the renderer process.