Hmm.. that's certainly an interesting case and brings up quite a few thoughts.
I'm just wondering if it would be worth creating every unique new tab in Incog windows as a separate container, kind of like how every unique new tab is a unique. It creates a whole new chunk of functionality that wouldn't be possible without externally sandboxing the browser via something like Sandboxie, or running a standalone / older version.

Only problem with this and OP's post is both are still vulnerable to one thing: opening links from current page. (Since processes are chained) This still allows session scraping/stealing, history scraping (:visited attack was here), cookie stealing, proxy poisoning, etc. This could be fixed by securing every new tab from each other, regardless of how it was launched. It might add a slight increase of overall memory usage with the extra processes, but that would be worth the massive boost in security from Incognito Mode. (IMO) But it really depends how high a priority it is.

Also, on the popup problem Nico mentioned, you can detect popup windows fairly easily since it is a unique cause of window-launching. Popups can still be attached to their parent process. While this still has a weak point, this is one I think everyone can agree on to be an acceptable risk. Also, not parsing popups until they are activated would prevent >99% of attacks, including Last Measure, the worst of them all.

On Sep 13, 7:44 am, Caleb Eggensperger <[email protected]> wrote:
> But just out of curiosity, what would you expect to happen if you detached a
> tab?

Chromium Discussion mailing list: [email protected]
View archives, change email options, or unsubscribe: http://groups.google.com/group/chromium-discuss
