What a ClusterFuzz: Google details Chrome security

Developing a browser can be a tricky business, especially in the case of Chrome, which has an ever-shifting codebase. Google's answer to the problem is a "fuzzing" infrastructure: a cluster of hundreds of virtual machines that run around 6,000 instances of Chrome simultaneously. Dubbed "ClusterFuzz", the servers automatically download the Last Known Good Revision of Chrome and perform fifty million tests on it per day.

Google says that the capacity of ClusterFuzz has quadrupled since it was first built, and it plans to quadruple it yet again over the next few weeks. On the Chromium blog, Google details how the whole process is automated, including managing test cases, analyzing crashes, and verifying bug fixes.

There's also the challenge of efficient data storage: an individual crash report may only be a few hundred kilobytes, but add them all up and you're talking about crunching through some serious data. Google tries to strip away as much as possible, keeping only the essential information required to diagnose a crash or bug.

The advantage of building up ClusterFuzz is that the system is also capable of detecting security regressions in real time. Over the past few months, the cluster has caught 95 unique vulnerabilities, and 44 of those were fixed before final browser releases. Google hopes to improve the system so that it catches even more regressions in the future.

[via Chromium Blog]