At the CanSecWest conference each year the organizers run a hacking competition, Pwn2Own. Security professionals compete to get malware onto a machine faster than anyone else, and each contestant can pick the browser they wish to attack.
At this year's conference, every major browser, including IE8, Firefox, and Safari, was hacked over a 3-day period. The only browser that was not hacked was Chrome. One of the winners of the contest had some interesting things to say about why Chrome was not hacked.
Chrome's "sandbox" is not an accident; it was designed for exactly this case. Each web page runs in a renderer process, and that process has no privileges on the OS, so it cannot write to disk or talk to the network. With every other browser being hacked, it's fair to assume that hackers will find flaws in any browser. Avoiding flaws is key, but the sandbox ensures that those flaws are contained to some degree: it is much harder to do persistent damage to the machine after a flaw has been exploited, because the compromised process can't touch the network or the disk. While IE8 also uses multiple processes, it does not implement a sandbox, so it is vulnerable in similar ways to single-process browsers. Don't get me wrong: the sandbox is not perfect, and I'm sure someone will find an exploit. But it does make Chrome harder to break into. Plugins will be a vulnerability, as they cannot yet operate in a sandboxed environment (Flash, for instance, requires access to the OS in order to run).
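To show the containment argument above in working code, here is an added Linux/POSIX illustration that is not Chrome's own code: a parent spawns a "renderer" child for each piece of untrusted input, and the child gives up the ability to open files or sockets before it parses anything. The privilege drop (RLIMIT_NOFILE set to 0) and the exploit marker are assumed stand-ins for a real sandbox and a real renderer bug.

```c
#include <errno.h>
#include <fcntl.h>
#include <string.h>
#include <sys/resource.h>
#include <sys/socket.h>
#include <sys/wait.h>
#include <unistd.h>

/* Result bits reported back by the "renderer" child process. */
enum { CAN_WRITE_DISK = 1, CAN_USE_NETWORK = 2 };

/* Constructed marker standing in for input that triggers a renderer bug. */
#define EXPLOIT_MARKER "<<constructed-exploit>>"

/* Hypothetical privilege drop for illustration only: forbid any new file
 * descriptor. An unprivileged process cannot raise the hard limit again, so
 * a later compromise of this process cannot undo it. Chrome's real sandbox
 * uses OS-specific mechanisms (restricted tokens, seccomp, namespaces). */
static int drop_fd_privileges(void) {
    struct rlimit rl = { 0, 0 };
    return setrlimit(RLIMIT_NOFILE, &rl);
}

/* What an attacker who has taken over the renderer would try next: persist
 * to disk and reach the network. Returns the CAN_* bits that still worked. */
static int attempt_post_exploitation(void) {
    int got = 0;
    int fd = open("/dev/null", O_WRONLY);     /* stand-in for a disk write */
    if (fd >= 0) { got |= CAN_WRITE_DISK; close(fd); }
    int s = socket(AF_INET, SOCK_STREAM, 0);  /* stand-in for network access */
    if (s >= 0) { got |= CAN_USE_NETWORK; close(s); }
    return got;
}

/* Render one page's worth of untrusted input in a separate process.
 * Returns the CAN_* bits the renderer could exercise after "exploitation",
 * 0 if nothing was reachable, or -1 on fork/wait failure. */
int render_untrusted(const char *input, int sandboxed) {
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        if (sandboxed && drop_fd_privileges() != 0) _exit(255);
        /* "Parse" the input; the marker models the renderer being hijacked. */
        int result = strstr(input, EXPLOIT_MARKER) ? attempt_post_exploitation() : 0;
        _exit(result);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}
```

With the sandbox on, the same "exploited" renderer reports 0: the flaw still fires, but the process can no longer reach disk or network, which is the containment the post describes.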