The Chromium Projects

Search this site

Except as otherwise noted, the content of this page is licensed under a Creative Commons Attribution 2.5 license, and examples are licensed under the BSD License.

The Chromium OS designs and code are preliminary. Expect them to evolve.
Chromium‎ > ‎

Chromium Security

Chromium Security Features

Security is a key focus of the Chromium project (and the Google Chrome browser). Although this claim is easy to make, the Chromium project backs it up in various ways described in our Security Brag Sheet. The following links also provide more detailed information on a number of key security technologies in Chromium:

How can I get involved?

file a security bug in our bug tracker it will get prompt attention, be kept private until we coordinate a disclosure, and possibly qualify for a cash reward through our Vulnerability Rewards Program. For security issues other than reporting a bug, you can email us: security@chromium.org. For non-confidential discussions, please post to the technical discussion forums.

To get involved on a more permanent basis, please email security@chromium.org to apply for access to Chromium security issues. Applicants are expected to maintain active contributions to Chromium security and should be able to demonstrate at least one of the following before applying:
  • Relevant technical expertise and a history of resolving Chromium security issues.
  • A history of identifying and responsibly reporting Chromium security vulnerabilities.
  • Other expertise and/or roles that would allow the applicant to significantly contribute to Chromium security on a regular basis.
Please also note that Google also sponsors security positions to work on Chromium security. We are often hiring.

Chromium vulnerabilities

A history of Chromium security bugs is best researched by looking at previous Stable Channel updates on the Google Chrome releases blog. You can also search our bug tracker for publicly visible Fixed bugs with the Security label. All security bugs are rated according to our severity guidelines, which we keep in line with industry standards. If you require advance notice of Chromium security vulnerabilities, please request access via security@chromium.org. Your email should explain your need for access (embedder, Linux distribution, etc.) and your continued access will require that you follow the terms of list membership.

Rules for early access to Chromium security information

There is one simple rule for any party with advance access to security vulnerabilities in Chromium. This is that any details of a vulnerability must be maintained as confidential information that is shared only on a need to know basis. This handling must be maintained until such time as the vulnerability is responsibly disclosed by the Chromium project. Additionally, any vulnerabilities in third-party dependencies (e.g. WebKit) must be treated with the same handling criteria. Access will be terminated for any member who fails to comply with this rule in letter or spirit.

Sign in  |  Recent Site Activity  |  Terms  |  Report Abuse  |  Print page  |  Powered by Google Sites