Google packages web apps for the desktop
Under the new implementation, packaged apps may save resources locally and indeed do so by default. The application itself is also loaded from local storage, which enables it to be distributed completely offline as well. Applications developed in this way will also get more control over their own windows and receive privileges akin to native apps which allows them to access system-level resources like USB, Bluetooth and other device interfaces via new APIs provided within Chrome.
eval() function to prevent packaged apps from accessing each other's resources. Developers can still use these features in what Google calls "sandboxed pages", which do not have the extended privileges of the rest of the packaged application.
Packaged apps also implement an Android-like permissions model which requires users to explicitly sign off on the privileges each application receives. To increase the security of web content shown in the application, Google has introduced a "browser tag" to load web content in an isolated instance of Chrome embedded in the web app. This confines any insecure code loaded straight from the web to this Chrome instance, which is also sandboxed.