A lot of people may find it hard to remember a time before Chrome. But as Google's browser hits its 10th birthday Tuesday, it's worth noting one under-appreciated source of its popularity: how it made the web more secure.

Google developers didn't invent every improvement that made Chrome a more secure alternative to established competitors like Internet Explorer and Safari when it debuted. But they did architect the service to combine crucial components in a new way, creating a noticeably safer and more reliable browsing experience.

"What are we getting into with Chrome? Perhaps Web 3.0," WIRED wrote on September 2, 2008, the day Chrome launched. "The way it manages tabs, the way it treats errors, its blinding speed ... there's no doubt this is a game changer in the world of web development."

Crucially, Chrome managed tabs in a new way; its "sandbox" made each one run with its own permissions and protected memory. That way if one tab crashed it didn't crash the whole browser, and if an attacker tried to attack a Chrome user, she wouldn't be able to compromise more than one site at a time. For the first time, a browser functioned more like an operating system, running many isolated programs on a permission system, rather than as a single free-for-all program.

"When Chrome started out, the big threat was drive-by malware, and I think people forget how common it was in those days," says Justin Schuh, a principal engineer who has worked on Chrome since 2009. "If you didn’t have an up-to-date browser, or even in some cases if you did, you might browse to a site and get malicious code on your system and you wouldn't know how it happened. So the original design of Chrome had two big pieces: auto-updates to make sure you always had the most updated version, and the Chrome sandbox to make sure that if there was a vulnerability that could be exploited we could confine that within the sandbox."

'I will be very, very upset if three to five years from now password phishing is still something that we don’t feel we’ve largely solved.' Justin Schuh, Chrome Engineer

These features that set Chrome apart in 2008 are now an industry standard, but at the time Google received criticism for its new browser's big bets. "There was a lot of resistance to auto-updates including from the Chrome security team itself—including from people who are actually on our team right now," says Parisa Tabriz, Chrome's director of engineering. "I remember one colleague thought auto-updates was the devil. He said it was taking away user choice, and put too much trust in one single point of failure. But now there’s been a huge shift in the industry that auto-update actually makes sense for browsers."

Chrome soon became known as the secure browser, and its original sandbox, combined with its phishing and malware protections from Google's Safe Browsing service, successfully protected users from most threats of the day. But as web hacking evolved and attackers moved away from drive-by downloads to rely more heavily on exploiting third-party components and services embedded in websites, Chrome scrambled to plug these other types of holes.

"We saw the most user compromises around 2011 and 2012," Tabriz says. "They were coming from third-party plugins that we couldn’t control like Flash. One of the interesting things about Chrome Security and the web overall is there’s a lot of partnership with other browsers. So Flash was a really powerful, cool, innovative technology, but also very proprietary and came with a lot of security problems. So we've moved to using an open standard with HTML5 that all the browsers can use."

Though Google is obviously aggressive about gaining Chrome users, and has built a whole ecosystem through Android that relies on Chrome, Schuh and Tabriz note that the browser is still underpinned by a massive open source project. And they add that in addition to publishing the code base, Chrome is also very intentionally developed in public, with contributors from around the world and discourse publicly visible in the Chromium forums. Google has even paid out more than $4.2 million through its bug bounty program to researchers who submit Chrome vulnerabilities.