blob: a6907803aaf32c0dd71a49f21d241552c662d0ab (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
|
# Security rules
This is a list of the security policies Chromium has published.
* [Rule of Two](rule-of-2.md) - don't handle untrustworthy data in the browser
process in an unsafe language
* [The browser process should not handle messages from web
content](handling-messages-from-web-content.md)
* [Behavior should be part of Chrome's binaries or delivered via component
updater](behavior-over-the-internet.md) rather than delivered dynamically
* Rules for [Android IPC](android-ipc.md)
* [Always assume a compromised renderer](compromised-renderers.md)
* [Use origin not URL for security decisions](origin-vs-url.md)
* [Controlling access to powerful web platform
features](permissions-for-powerful-web-platform-features.md)
You can also find our position on various matters in the [security FAQ](faq.md):
for example, on local attackers or on the privilege accorded to enterprise
admins.
|
