Sandboxing is a layer of security that Chrome places between attackers and their computer, aiming to isolate an attacker who has successfully exploited a vulnerability. When contained in a sandbox jail, an attacker will typically look for porous or fragile bits in the walls to throw rocks at. That is, he’ll try to gain additional privileges by taking advantage of other vulnerabilities. Our job is to make the virtual walls of the sandbox as strong and impenetrable as possible.
One juicy target for attackers is the operating system’s kernel: a large and complex code base. The latest stable version of Chrome introduces a new layer of sandboxing of Chrome renderers for the 64-bit versions of Chrome OS and Linux, based on a new kernel feature called seccomp-bpf. With seccomp-bpf we’ll install a small filter in the kernel that will quickly reject many of the rocks thrown by an attacker. A simple example: if we know that Chrome renderers don’t need a system call such as vmsplice, or a facility such as “inotify”, we can just deny them completely. We use a broker process model to keep the list of allowed system calls small.
Installing this filter in the kernel improves the security of our users. But it is just the beginning: using this new facility, we’ll continue to make the sandbox safer.
This new sandbox layer is automatically baked into the latest version of Chrome OS. On Linux, you can check by going to chrome://sandbox and looking for “Seccomp-BPF sandbox Yes”. If this is not available, ask your Linux distribution to include and enable seccomp-bpf in its kernel, as Ubuntu has done since version 12.04.
As always, you can report bugs and issues here, by clicking on “New issue”.
It’s been too long since I’ve cracked out the Jolt and spent the wee hours hacking away on something. So tonight, I picked up a device from my collection and did the inevitable:
More details soon to a tech blog near you. Image release date? Whenever I get around to neatening this up for widespread consumption. Mad props to the Queen for that extra hour tonight, really handy as I’m sure you’ll all agree.
On the 20th October, he and two friends will be embarking on an epic 24-hour sponsored gaming marathon, where they’re aiming to complete every Sonic game they can get their hands on (currently at a total of 19!).
Now James has set a few targets for his campaign:
- $200: Continuing past the 24 hours until they’ve finished every game on the list (livestreamed), unless there’s a medical reason they must stop
- $500: Complete removal of his eyebrows (livestreamed)
- $750: Dye his hair white (which he’s been growing for something like 5 years)
Now, because raising money for kids hospitals is awesome and seeing one of my best friends dye his hair white is icing on the cake, I’d like to help James out, by adding a fourth goal:
This is quite some way from being usable, so don’t get too excited, but I wanted to share where I’m up to with porting Chromium OS to the Raspberry Pi. Here’s a shot of a Pi running Chromium OS sat at the login screen:
A little under two weeks ago, I began offering Chromium binaries that run on the Pi. Using these same patches, plus the Raspberry Pi overlay that made it into the Chromium OS source tree some weeks ago, I’ve built an image that will run on the Raspberry Pi. By run, I mean you can boot up and browse pages. Browse them really, really slowly. This is because there’s no graphical acceleration, once we have that in place I expect this to run reasonably well.
I’m chipping away at adding in the required code to have the UI GPU accelerated, but it’s really not an area I know much about and so progress is slow. If you’re interested in getting this running, I may possibly set up some kind of bounty to get the code written, get in touch with me for more details (contact details are linked at the top of this page, @Hexxeh is usually best). My current plan is to remove X from the stack completely and run Chromium directly. However, this means making Chromium dispman aware, which is easier said than done.
Given the state that this is in, I’m not going to be providing an image, since it’s really so slow it’s not of use to anyone. The code is all publicly available, though, so somebody else could. Hopefully somebody will actually improve the state of things rather than releasing this raw version.
I’m happy to announce that Chromium binaries are now available for you to download and try out. These will ONLY work on Raspbian images, if you’re running Squeeze or anything that isn’t hardfp, don’t even think about it.
Whilst it’s not required, using the 224MB memory split, overclocking your Pi and using a fast USB stick or SD card for your root filesystem will improve your browsing experience. I’ve had the RaspberryPi.org blog frontpage load in as little as 5 seconds by combining all three of these. With that said, let’s get started.
If you’re closer to Europe than the US, type this into a shell: bash <(curl -sL http://goo.gl/5vuJI)
If you’re closer to the US than Europe, type this into a shell: bash <(curl -sL http://goo.gl/go5yx)
Let that command run for a while. It’ll download about 35MB and probably take a while to do its thing. Once it’s finished, you can launch Chromium by typing:
Make sure you specify the --disable-ipv6 flag, else your pages will take longer to load than they should (yes, this is probably a bug). This is somewhat of an experiment as the post title suggests, and your input in improving the experience is welcomed. Currently, builds are manual, but if they prove popular and useful, I’ll automate them and produce nightly builds.
At Google I/O, Google’s Senior VP of Chrome and Apps, Sundar Pichai, has announced that Samsung’s Series 3 Chromebox and Series 5 Chromebook will soon be available in Best Buy stores in the US and Dixons in the UK.
ChromeOS has always been just a Chrome browser and very little else. With the latest development build, however, Chromebook owners can try out a window manager, a taskbar, and even desktop space. It's all still on the web, but it looks a lot more like a traditional operating system.
It’s hard to say how popular Chrome OS, Google’s browser-centric operating system, really is. There can be little doubt, though, that Google is quite serious about this initiative. Today, Google launched the latest developer version of Chrome OS and this update sports the first major redesign of the operating system’s interface since its launch in late 2010.
In this new version, Chrome OS almost looks like a traditional OS, with a full-blown desktop and window manager instead of just a browser and tabs. Aura, as this hardware-accelerated window manager is known, is Chrome’s next generation user interface framework and it is making its public debut in this new developer version of Chrome OS.
This update is quite a departure from Chrome OS’s origins. Until now, Chrome OS basically just gave users access to a single browser window at a time (you could already have multiple browser windows open on separate virtual screens) and launching new apps meant you first had to open a new tab and then look for the app you wanted to start. Now, Chrome OS features a Launchpad-like app launcher, as well as a Windows-like taskbar (Google calls it a “shelf”). Apps, it is worth noting, still start in a browser tab and not as stand-alone windows, though.
In short, Chrome OS now looks and behaves a lot more like the desktop operating systems it set out to challenge.
In a way, this almost feels as if Google is admitting defeat here. When Chrome OS launched, Google’s Sergey Brin argued that traditional PC operating systems were “torturing users.” Chrome OS was supposed to be all about “speed, simplicity and security” and Google wanted to use it to “re-think what operating systems should be.” This new version, however, does away with a bit of this simplicity in favor of greater functionality. That’s not necessarily a bad thing, though, and may just help Chrome OS gain more mainstream acceptance as new users will surely find it to be a more familiar experience.
While Aura is obviously the star of this update, it’s worth noting that the latest version also introduces support for files compressed in the tar, gz and bzip2 formats, as well as better support for multi-monitor setups.
Remember Lime? Now it’s back, and it’s better than ever. In fact, it’s every bit as good as Vanilla, but it also includes that extra hardware support you know and love from Flow, but with the bleeding edge freshness you got from Vanilla.
It’s 338 days late, sure, but with good reason. The version that was in progress back then was a hand-built image, that wouldn’t be updated daily. The current system will get freshly baked each day into an image that has the supreme hardware support, but also includes any new features and tweaks that appeared that day in Vanilla too.
Vastly improved hardware support!
Lime enjoys vastly improved hardware support compared to that of Vanilla. Here’s a list of the improvements in hardware support:
- Broadcom WiFi – BCM43XX
- Ralink WiFi – RT24XX, RT28XX, RT30XX
- Realtek WiFi – R8187SE, R8712U, RTL73, RTL8180, RTL8187, RTL8192XX
- nVidia GPUs – 6 series and newer
PAE requirement removed
If you were one of the unlucky folks to have a device that didn’t support a PAE kernel, you’re in luck, this is no longer a requirement with Lime!
Extra plugins as standard!
Need your fix of Java? Java is now fully supported with Lime! More plugins coming very soon!
You decide what gets added!
These are just a few of the changes featured in Lime, but there’s more! If there’s a piece of hardware that we don’t support where a Linux driver exists but isn’t being shipped, let me know and I’ll likely add it! Tweet me information regarding this. Please don’t post suggestions as comments to this post, as I don’t read them as regularly.
I know I’m rather late with this, but I did promise everyone who helped me to buy a Macbook Air that I’d get Chromium OS running on it: so I did and it’s pretty awesome.
Every piece of hardware works except for the Bluetooth (because Bluetooth isn’t supported by Chromium OS yet). So WiFi works, graphics are fully accelerated via nVidia’s drivers, screen brightness controls work, sound works, touchpad works. Basically everything works. The touchpad drivers could use some tweaking, as scrolling is currently painfully slow, but that’s about the only issue I can think of. Boot time is around 22 seconds to the login screen, most of which is wasted by Apple’s EFI implementation, as once control is passed to the kernel, the boot only takes a further 6-7 seconds thanks to the fast SSD inside the Air. Battery life is probably slightly better than that of OS X.
I’ve only tested this on an 11″ model of the Air (MacbookAir3,1), since that’s all I have, but I should think it’d work without issue on the 13″ version (MacbookAir3,2) too. I’ve also not tested previous generations of the Macbook Air, but I suspect they’ll work too. In fact, this image will probably work on quite a number of nVidia-based Macbook/Macbook Pro machines. I won’t be supporting anything but the MacbookAir3,1 and MacbookAir3,2 but if it just happens to work for you on something else, great!
Cross posted at the Google Code blog
We recently unveiled ChromeVox — a built-in screen reader for Chrome OS — during Google I/O 2011. This is an early developer beta that is designed to help authors of web applications come up to speed with platform accessibility on Chrome OS.
ChromeVox leverages two of Chrome's experimental extension APIs, the experimental.tts API for cross-platform text-to-speech, and the experimental.accessibility API that lets an extension listen for accessibility events in Chrome's menus and toolbars. In turn, ChromeVox exposes a simple screen reader API to web developers who wish to further customize the ChromeVox user experience. Thus, within your application, you can:
- Automatically generate spoken messages and earcons.
- Set ChromeVox to synchronize with your application's current focus.
ChromeVox also comes with an interactive online tutorial that demonstrates how users of spoken feedback interact with webpages. Examples range from static content to interactive applications. You can test these same navigation techniques within your own applications to quickly verify users can reach all portions of your application using the keyboard and obtain meaningful feedback. You can then annotate your application with the necessary ARIA properties and other accessibility enhancements to ensure that blind and visually impaired users gain complete access to your application. Please see our Google I/O 2011 talk for more.
Details on enabling accessibility in Chrome OS can be found on the Accessibility help page, and the Chrome extension is available for download from our Wiki page. For now, ChromeVox is targeted at end-users on Chrome OS, but it may also prove a useful tool to web developers using Chrome on all major platforms. We welcome your feedback via our Open Source project website at http://google-axs-chrome.googlecode.com.
It’s more likely than you think. Starting today, the Vanilla build page will be building both VirtualBox and VMWare images every day along with the USB image. This means you can test out the latest changes without needing to burn a copy to a USB stick. Using these images is super easy, and isn’t reliant on your device being compatible! For the VirtualBox downloads, you get a VDI file, or a VirtualBox Disk Image. To use this, just create a new virtual machine in VirtualBox, and when it asks whether you want to create a new hard drive or use an existing one, point it to the VDI file you downloaded and extracted. When asked how much memory you’d like to assign, 2GB is ideal, but 1GB should work fine. Using the VMWare downloads is even easier! Simply download, install VMWare Player and then double click the VMX file in the archive you downloaded.
What could make this better? What if the images received automatic updates daily, without needing to download a whole new image? Turns out, they do! At long last, the Vanilla AU service has returned. This is still in a testing stage really and it might break at a moment’s notice, but if you’ve got any problems with AU, let me know via Twitter and I’ll try to fix any issues you can find. The AU service also works for USB images, too. Some users running recent Vanilla images might be offered an update automatically, but if you’re not, simply download today’s image (13th March 2011), and you’ll be ready to receive updates.
Turns out a recent update to ChromeOS has added GSM support for the Gobi 3G chip that’s in the Cr-48, and it’s working just great.
Since some people seem to want to run their Cr-48 on AT&T and so on, I figured I should share. Turns out, it’s really easy to enable. You need to be in developer mode, but that’s pretty much the only requirement. As usual, you do this totally at your own risk and I’m not responsible for anything that might go wrong. Basically, the standard disclaimer crap. With that said, here’s the howto:
- Pop your SIM card into the slot under the battery (must be a full-size SIM, microSIMs you’ll just lose in there, fine if you use an adaptor though)
- Make sure you’ve enabled developer mode – do this by flipping the switch under your battery
- Once you’re booted into developer mode and logged in, press Control-Alt-T
- This opens crosh, a limited command shell. Since we’re in developer mode, we can get a full shell. Type the word shell and press enter.
- You’ll get a shell that starts with ‘chronos@localhost / $’. Once you’ve got this, we can type in the command that flips over to GSM.
- Type the following command: modem_set_carrier "Generic UMTS"
- Wait a couple of minutes, then you can exit the shell by typing exit twice.
- Your 3G should be usable assuming you have an active service plan on that SIM card, and that ChromeOS knows your APN settings.
This is all totally unfinished right now, I just saw that the changes had shipped in a recent update and decided to see if they worked, turns out they do. However, there are a few drawbacks:
- Your APN details have to be part of a hardcoded list in flimflam, you can see this list here.
- Your carrier name won’t appear in the UI, nor will any usage details. Don’t complain if you run up a huge bill, same deal here as tethering when it comes to data usage.
- It’s totally experimental, so it might break totally unexpectedly.
Google isn't just bringing the Chrome Browser to Pwn2Own 2011 -- this time, it's also bringing its own hardware. The Cr-48 Chrome OS laptop will be on hand for the browser exploiting hullabaloo, and Google is offering $20,000 and a CR-48 notebook for a successful exploit. According to the event's organizer, the attacker will also need to escape Chrome's sandbox. At last year's event, prominent researcher Charlie Miller said that's no easy task, so we're very curious to see whether someone will succeed this time around.
Offering cash for exposing vulnerabilities isn't anything new for Google, of course. The Big G just paid one developer $7,500 for finding a trio of vulnerabilities in Chrome back in January.
Our pal Hexxeh is at it again, only this time it's not Google's Chromium OS that he's hacking -- it's the Google Chrome OS Cr-48 laptop. We've previously shared posts about installing Ubuntu, Windows 7, and OS X on the CR-48, but the process has been a little on the complex side until now.
Hexxeh's new tool -- Luigi -- simplifies the process greatly. As long as you can follow his 12-step program and don't mind popping open the CR-48 case for a quick bit of hardware tinkering you'll be able to install your OS of choice in no time. Once you've downloaded Luigi using wget from a Chrome OS terminal window, a firmware flash and a reboot is all that's needed to enable booting any OS installer via a USB drive.
Check out Hexxeh's video after the break to see how the process unfolds!
Got a Cr-48? Want to see what’d it be like to run Windows 7 or Mac OS X on there? Now you can. Meet Luigi…
Luigi is a firmware toolkit for the Cr-48 that lets you flash your device’s firmware to load any OS unmodified. And it’s super easy to use. Once you’ve flashed over to the custom firmware, CrOS updates will probably break until you revert. Don’t fret, however! Luigi lets you flash both ways, so you can take your Cr-48 back to the state it was in when you started if you wish. However, it does require you to crack open your Cr-48. This is actually a security feature (if you can flash your firmware, so could a malicious program, and that could mean bricked device!), and so to disable it, you simply need to remove the bottom cover of your device. This does, of course, void any warranty you might have with Google and so you do so entirely at your own risk. This could, if it were to go wrong, turn your device into a shiny paperweight. Don’t come crying if it does. If you attempt to run this on a device other than a Cr-48, it will very likely brick it. However, with that said, let’s begin:
- Remove the casing of your Cr-48. To do this, you need to remove the battery, and the rubber towards the back of the underneath of the device. Doing this exposes two extra screws. Unscrew all the screws you can see on the underneath of the device. Once you’ve done this, the device should pry apart, starting from the back under the screen hinge. Work your way around, starting with the side with the SD card slot on. Be very careful when you do this, as you don’t want to break any of the tabs that hold the casing on.
- While you have the device open, go ahead and turn the developer mode switch on. You’ll need to do this to run the Luigi installer.
- Once the casing is removed and you’re in developer mode, lie your Cr-48 on its screen and plug the power cord in. Now press the power button, and then when you get to the recovery mode screen, press Control-D to boot into developer mode. If it’s the first time you’ve booted into developer mode, it’ll take around 5 minutes to erase your stateful partition. Everything is in the cloud, so you shouldn’t lose anything, remember?
- Once it’s booted, connect your WiFi and make sure you can get onto the internet.
- Press Control-Alt-F2 (Control-Alt-Forward) to open a shell. Login with the username “chronos”, no password is required.
- Once you’re at a shell, simply type in the following command and press enter: wget bit.ly/run-luigi && sudo bash run-luigi
- Luigi will then download and run, and present you with a screen with a small disclaimer. If you accept this, press enter to get to the main menu.
- You now have two options. Press 1 to flash the custom firmware, and then press enter.
- At this point, the custom firmware will be downloaded and flashed. Once it has finished, provided there are no errors, it will tell you to press enter to reboot.
- That’s it, your device will reboot and the new firmware will be installed.
- Once you’ve verified the new firmware is installed and works, put your device back together.
- From here, you can plug in a USB stick/USB CD drive and install an OS of your choice.
After a 2 month hiatus, the Vanilla builders are finally back online. I’ve done some work to bring an incremental build down to just 20 minutes. As a result of this, I may increase the frequency of builds from daily to twice daily. These are still the same Vanilla builds as before, which means we’re still shipping support for the Chrome Web Store, the fancy new login UI and so on. However, as a result of our server move, Vanilla AU is down for the time being. Rather than try to set up the hacky system I had before again, I’m going to re-implement the AU server from scratch. This will be open source, and we’ll have more details on this in the coming weeks. Which brings me to today’s second big announcement; Lime.
ChromiumOS Lime is the successor to ChromiumOS Flow, and brings together the bleeding edge freshness of a Vanilla build and the expanded hardware support you’re used to in a Flow build. I know lots of you have been asking for an update to Flow, and I’m sorry you’ve been waiting so long. So here’s the good news. I’m aiming to release Lime within the next two weeks. It will ship with Lime AU as part of the image, but the servers will not be live at launch. The goal is to release within two weeks, but I’m not making any guarantee that it will be available within two weeks. However, we’ll be starting limited betas so that I can test on hardware I don’t own in the next week or so. If you’d like to be a part of this, then make sure you’re in the IRC channel (##hexxeh on irc.freenode.org). You can also watch the status of the builders in there, and get notified when a new Vanilla build is completed.
Lastly, I’d like to send a huge thank you to Google: I spent the last week over in California at their Mountain View campus, and got the chance to watch the Chrome event on Tuesday with the Chrome/ChromeOS team! I had an awesome time, and it was fantastic meeting the teams! Thanks for being so supportive of my project in general.
It was only a matter of time: a page on the Chromium Projects website has emerged, detailing how to install Ubuntu on a Cr-48 netbook. The process is, understandably, a little risky -- but it's not like there are any tech bloggers out there that don't know how to use Linux, right?
Snarkiness aside, the process is actually very easy. You have to hack at the SSD's filesystem a little and fiddle with the Chrome OS kernel, but if you do everything right, you should be rewarded with a dual-boot system capable of running both Ubuntu and Chrome OS.
The best bit, though, is that you have to enable 'developer mode' to escape Chrome OS's 'verified boot' security measure. To do this, you need to flip a switch on the back, under the battery, as per the hilarious instructional photo shown after the break.
Prediction: ChromeOS will be killed next year (or “merged” with Android)
Considering his former employer just launched the Chrome OS pilot program last week, the comment may sting a little over at Mountain View, although it should be noted Buchheit is hardly the only one predicting that Google’s Linux-based operating system will go the way of the Wave soon enough.
Google to date has posited that Android and Chrome OS, its two operating systems, address different markets that will remain distinct despite the growing convergence of the devices they run on (netbooks, tablets, smartphones). Google co-founder Sergey Brin, however, has very recently stated that Google will likely “produce a single OS down the road”.
If the man’s less-than-140-characters prediction is right on the money, Android will become the dominant operating system – and considering its current traction, that would hardly be a surprise – while Chrome OS will perish before 2011 is over.
Update: more from Buchheit in the FriendFeed thread:
ChromeOS has no purpose that isn’t better served by Android (perhaps with a few mods to support a non-touch display).
I was thinking, “is this too obvious to even state?”, but then I see people taking ChromeOS seriously, and Google is even shipping devices for some reason.
Do you agree with his assertion, or do you think Chrome OS and Android can co-exist?