From the ‘Don’t Leave My Sandbox’ files:
Google was a bit slow in the beginning getting its Chrome browser ready for Linux. That’s now changing as Google is now set to take advantage of an advanced Linux kernel feature that could well make Chrome on Linux more secure than any other OS.
Chrome 23 dev-channel now takes advantage of the Seccomp-BPF feature that debuted in the recent Linux 3.5 kernel.
“Seccomp filtering provides a means for a process to specify a filter for incoming system calls,” kernel develop Will Drewry wrote in a mailing list message.
Google developer Julien Tinnes explainedthat,”with Seccomp-BPF, BPF programs can now be used to evaluate system call numbers and their parameters.”
In very basic terms, it means more control over the sandbox and less chance of escape for some kind arbitrary code execution.