Chrome's security overhaul begins with PDF plug-in

Starting with the plug-in used to view PDF files on the Web, Google has started to rebuild Chrome using a foundation called Native Client to improve security.

Stephen Shankland Former Principal Writer

Google has begun work on the first step of rebuilding Chrome from the inside out on a more secure foundation called Native Client, CNET has learned.

That first step is the built-in Chrome module used to let Google's browser read PDF (Portable Document Format) files. Linus Upson, vice president of engineering for the Chrome team, revealed the plan in May at the Google I/O conference, and now evidence is emerging that the first step is under way.

References to the Native Client version of the PDF extension have begun cropping up in the Native Client bug-tracking database. Programmers are encountering problems with scrollbar rendering, Gmail integration, loading PDF files, and displaying URLs when the mouse pointer hovers over a link.

Some are tagged with a Chrome 14 completion schedule. That's not a commitment that the bugs will be fixed in time for the current version of Chrome under development, but it does indicate that the work is for a near-term project, not a distant idea.

Native Client, or NaCl for short, is a technology for running software within the confines of two protected sandboxes. Google expects it to combine the convenience of running JavaScript software built into Web pages with the performance of native software written for a particular operating system and processor. Using an idea called static analysis, NaCl software modules are examined in advance to make sure they don't use a particular subset of restricted operations such as writing data to a hard drive. Specially modified programming tools must be used to create Native Client modules.

Google initially pitched Native Client as a way to accelerate Web applications to native-app speeds. It demonstrated its use in processor-intensive operations such as photo manipulation and playing the game Quake. At Google I/O this year, though, CNET learned that Google plans to rebuild Chrome itself as a NaCl package. That would add an extra layer of security to the software and make it that much harder for someone to exploit the browser--or the Chrome OS operating system--as a vector for an attack.

For now, Native Client is a plug-in built into Chrome rather than the other way around. It uses a plug-in interface called Pepper. Note that NaCl is the chemical abbreviation for sodium chloride, better known as salt.

It's not clear exactly how long it will take to rebuild all of Chrome atop NaCl. Native Client itself isn't finished; for the present it's off by default, though people can experiment with it by typing "about:flags" into the address bar and enabling it there.

Initial steps
The company is proceeding cautiously.

First, "we have to make sure Native Client proves its way," Sundar Pichai, senior vice president of Chrome, said in a May interview.

"I'd say it's a dream more than a plan right now," added Brian Rakowski, director of product management, speaking of the effort to rebuild Chrome on NaCl.

Nevertheless, it shows the extent to which Google wants to make security a selling point for Chrome and Chrome OS. With Chrome, Google led the charge to auto-updated software that silently replaces itself with new versions. That means Chrome--or built-in components such as Adobe's Flash Player--can rapidly be replaced to shut down a newly discovered vulnerability.

Of course, it also means software can change without its users getting a say-so, but Google believes the tradeoff is worth it. That's especially the case with Chrome OS, which functions as an operating system, not merely a Web browser.

"In the Windows ecosystem, you assume the user is taking care of all of this," Pichai said. Google believes online software distribution can put the responsibility back where it belongs, with the software's maker.

The company stands to directly benefit from greater browser security. For example, Gmail users were the target of at least two serious hacking attempts the company said originated in China, and an Iranian attack could have granted a malicious third party an ability to create fake encryption certificates for Google.

So now, Google is modifying Chrome so Gmail can only be used over a secure connection and so secure Google sites require an encryption certificate from a short list of trusted providers.

New security risks?
One of the big concerns with Native Client is that it potentially opens new security vulnerabilities. It is, after all, a new interface for executing software that isn't available today.

Native Client has passed one security exam, though. And Google got a modest endorsement from none other than John Carmack, the id Software programmer who created Quake and Doom.

Carmack compared Native Client to WebGL, a new standard for building hardware-accelerated 3D graphics into the Web. WebGL has come under security scrutiny by Microsoft and others.

Carmack echoed Microsoft's WebGL concern in a tweet, then dropped in a good word for Native Client: "NaCl is much, much easier to make secure than WebGL, even though it sounds scarier."