Chrome browser acts more like an OS, but security is unclear

Google’s making its Chrome browser even more like an operating system and is attempting to change the way we work forever.

Google has announced that forthcoming releases of its Chrome browser will be able to run apps in the background. Essentially, the feature moves Chrome one step closer to becoming a true application platform -- and with continuing efforts to develop HTML5, in a few years time it's very likely the Chrome browser will have more in common with an operating system than a humble Web browser.

Google says the new feature will see use "checking for server-side changes and pre-emptively loading content into local storage," and it's not hard to imagine how apps could use the feature. A chat application could listen for messages, for example, and then pop up a new window should somebody want to message you. A cloud office suite could watch for changes made to your online docs and download them locally, ready for you to work on them instantly when you choose.

The background processes keep running for as long as Chrome is running, even if no browser windows are open. Right-clicking the taskbar icon will allow users to see what background apps are running.

One of the central definitions of a contemporary operating system is the capability to run tasks in the background. MS-DOS did it with infamous terminate-and-stay-resident programs, while Windows does it with Services. Linux and Unix use daemons.

As with those operating systems, significant security issues come up with the capability to run background apps. Running code in the background without the user's knowledge is the modus operandi of viruses, for example.

It's not clear how Chrome is going to be able to tell apart good and bad background processes, or whether Google intends to rely on third-party applications like antivirus suites to do so.

Google says "backgrounding" will be allowed only for apps and extensions, and not Web pages, which will avoid drive-by infections from nefarious Websites. Chrome users already have to confirm installation of apps and extensions, giving security warnings at the time. If the app or extension isn't offered via Google's official distribution channels, it's usually blocked from installation unless the user makes a configuration change allowing it.

However, as anybody who's used the Android Marketplace will know, Google takes a laissez-faire attitude towards monitoring apps. Last year the company pulled around 50 third-party and unauthorized Android banking apps from the Marketplace after suggestions came up that they could easily be used to harvest account details.

To ensure user safety, the bar for app and extension quality is going to have to be set high, and there's no indication in this announcement that that's going to happen.

However, security issues aside, Google's efforts will bring a smile to cloud computing advocates. By blurring the distinction between browser and operating system, Google's making it far more intuitive for us both to work and store our data online. Of course, data is what Google is interested in, and it seems Google won't be satisfied until it has control of all the data in the world.

It's not hard to imagine a future scenario whereby we first boot our computer and then "boot the Internet" by double-clicking a browser like Chrome. Upon starting, Chrome will automatically log into all our favorite Web applications, and start any necessary background services. The new tab screen within Chrome, which shows installed apps, could easily evolve into a desktop-like experience in the future, wherein users are able to start and stop apps, and manage any data stored online.

A lot has been written about whether the Chrome browser or OS will ultimately succeed, but it's not an either-or situation. It's better to view the projects as two heads of the same animal. If you buy a new computer, then Google can provide an operating system, but if you prefer to stick with what you know -- such as Windows, Mac OS X, or Linux -- then Google will offer you the same functionality via a program you can download.

Essentially, Chrome browser and Chrome OS are heading in the same direction, which is to turn the Internet into an platform where we all can work. If we're ready to abandon our desktops, however, is yet to be seen.

Keir Thomas has been making known his opinion about computing matters since the last century, and more recently has written several best-selling books. You can learn more about him at His Twitter feed is @keirthomas.

Join the CSO newsletter!

Error: Please check your email address.

Tags open sourcebrowser securityapplicationsGooglebrowserssoftwaredata protection

More about F-SecureGoogleKillerLinuxWikipedia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Keir Thomas

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts