Despite their best efforts, they have posted to their Chromium developer website that they cannot guarantee your security if you use Microsoft Windows.
Here is their disclaimer:
The operating system might have bugs. Of interest are bugs in the Windows API that allow the bypass of the regular security checks. If such a bug exists, malware will be able to bypass the sandbox restrictions and broker policy and possibly compromise the computer. Under Windows, there is no practical way to prevent code in the sandbox from calling a system service.
That's quite troublesome when you think about it. Google Engineers post up a 'caveat' -- their legal disclaimer, if you will.
In addition, third party software, particularly anti-malware solutions, can create new attack vectors. The most troublesome are applications that inject dlls in order to enable some (usually unwanted) capability. These dlls will also get injected in the sandbox process. In the best case they will malfunction, and in the worst case can create backdoors to other processes or to the file system itself, enabling specially crafted malware to escape the sandbox.
Simply put, Windows 8.1 legacy (x86) uses a legacy code base going all the way back to the Windows 2000 WinNT kernel.
Microsoft cannot fix the security issues which are under eternal attack unless they completely rewrite the operating system from the ground up. Enterprise is 'married' to the operating system with applications which must run 24x7. Microsoft cannot rewrite the code which is heavily depended upon. They have a dilemma and they really don't want you to know about it. They just keep diverting your attention to 'the attackers' away from themselves as though they have no responsibility.
This is the cost of using proprietary software. Unlike Open Source Linux, no one can see the code of Microsoft Windows, review it, inspect it for defects -- FOR MICROSOFT EMPLOYEE EYES ONLY.
This is the disadvantage that one accepts when agreeing to the Microsoft software licensing terms. Microsoft own the code -- the Licensee does not.
|Fedora 20 Linux running LXDE|
Be safe with Fedora Linux.
I stake my reputation on it.