"Chromium (Chrome's base) is separated into two protection domains. These are a browser kernel and rendering engine. The rendering engine domain runs in a restricted sandbox environment. Web pages and plugins are both executed in the rendering engine domain, which means they have restricted access to your system. As with Gazelle, all communication to the kernel is done via a tight API proxied through IPC. From what I can tell, Gazelle offers no specific improvements over Chrome in this area."
Gazelle is fundamentally different from Chromium here. In Gazelle, there is one protection domain per principal, namely, a web site. So, the number of protection domains is the same as the number of web sites that the user browses. This means that when a.com embeds ad.com, a.com and ad.com are placed in separate domains. In contrast, Chromium places them into the same protection domain. The key distinction between Gazelle and all its previous browsers is that the browser kernel manages all cross-principal protections and resource management. In contrast, Chromium must do cross-principal protection in its rendering engine. This is what makes Gazelle's browser kernel a real OS, and Chromium's browser kernel not really an OS. Please refer to Gazelle's tech report's related work for a very detailed comparison.
I'd also want to clarify that the goal of Chromium's architecture is to protect the host machine from the browser and the web. The goal of Gazelle is to protect web site principals from one another --- such a protection is an operating system's job, hence is the Gazelle approach. The resulting architecture naturally protects the host machine from the browser and the web as well.