Slashdot Mirror

← Back to Stories (view on slashdot.org)

Microsoft's Edge Was Most Hacked Browser At Pwn2Own 2017, While Chrome Remained Unhackable (tomshardware.com)

Posted by BeauHD on from the better-luck-next-time dept.

At the Pwn2Own 2017 hacking event, Microsoft's Edge browser proved itself to be the least secure browser at the event, after it was hacked no less than five times. Google's Chrome browser, on the other hand, remained unhackable during the contest. Tom's Hardware reports: On the first day, Team Ether (Tencent Security) was the first to hack Edge through an arbitrary write in the Chakra JavaScript engine. The team also used a logic bug in the sandbox to escape that, as well. The team got an $80,000 prize for this exploit. On the second day, the Edge browser was attacked fast and furious by multiple teams. However, one was disqualified for using a vulnerability that was disclosed the previous day. (The teams at Pwn2Own are supposed to only use zero-day vulnerabilities that are unknown to the vendor. Two other teams withdrew their entries against Edge. However, Team Lance (Tencent Security) successfully exploited Microsoft's browser using a use-after-free (UAF) vulnerability in Chakra, and then another UAF bug in the Windows kernel to elevate system privileges. The exploit got the team $55,000. Team Sniper (Tencent Security) also exploited Edge and the Windows kernel using similar techniques, which gained this team the same amount of money, as well. The most impressive exploit by far, and also a first for Pwn2Own, was a virtual machine escape through an Edge flaw by a security team from "360 Security." The team leveraged a heap overflow bug in Edge, a type confusion in the Windows kernel, and an uninitialized buffer in VMware Workstation for a complete virtual machine escape. The team hacked its way in via the Edge browser, through the guest Windows OS, through the VM, all the way to the host operating system. This impressive chained-exploit gained the 360 Security team $105,000. The fifth exploit against Edge was done by Richard Zhu, who used two UAF bugs--one in Edge and one in a Windows kernel buffer overflow--to complete the hack. The attack gained Zhu $55,000. At last year's Pwn2Own 2016, Edge proved to be more secure than Internet Explorer and Safari, but it still ended up getting hacked twice. Chrome was only partially hacked once, notes Tom's Hardware.

81 of 147 comments (clear)

  1. Windows and Edge security by Anonymous Coward · · Score: 5, Informative

    are an oxymoron.

  2. Um, Edge is more secure than Chrome... by Biogoly · · Score: 5, Funny

    Or are going to tell me those Windows 10 pop-ups are lying? Hmmm?

    1. Re:Um, Edge is more secure than Chrome... by mykepredko · · Score: 1

      I wish I had mod points. Nice.

      --
      Mimetics Inc. Twitter
    2. Re:Um, Edge is more secure than Chrome... by Frosty+Piss · · Score: 1

      Microsoft has a reputation to live up to...

      --
      If you want news from today, you have to come back tomorrow.
    3. Re: Um, Edge is more secure than Chrome... by Anonymous Coward · · Score: 3, Funny

      I use chrome on Windows so I get the best possible ad experience, since both Microsoft and google get my preferences that way, instead of just one megacompany.

    4. Re:Um, Edge is more secure than Chrome... by Samurai+Nigel · · Score: 1

      To be fair, Windows 10 says Edge is more secure than Firefox. (It only says it uses less battery than Chrome.) ;)

  3. But, but. . . by quonset · · Score: 4, Funny

    It gives your laptop better battery life!

    1. Re:But, but. . . by MightyMartian · · Score: 1

      That's probably true. It's so bereft of features that it probably does take a lot less clock cycles. But then again, if that's the only argument, then Links is probably the hands down best winner, or maybe "telnet wherever.com 80"!

      Microsoft's proclamations about the wonders of its products are beginning to resemble those satirical Monty Python faux-ads about Crelm Toothpaste.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    2. Re:But, but. . . by Anonymous Coward · · Score: 1

      Battery life was a legit beef with Chrome - Chrome had gotten pretty lazy about policing it's processes and tended to let bad javascript/video decoding/etc run unchecked. Modern laptops are efficient but they'll chew up your battery if chrome demands all your cores/threads run full tilt.

      Last few versions of Chrome have gone a long way to tamp down on obvious waste and upcoming features will sleep/suspend unused tabs by default.

    3. Re:But, but. . . by thegarbz · · Score: 1

      I think it's fair to say it "gave" you better battery life.

    4. Re:But, but. . . by Zaatxe · · Score: 1

      But does it have electrolytes?

      --
      So say we all
    5. Re:But, but. . . by CastrTroy · · Score: 1

      The battery does.

      --

      Anthropic principle: We see the universe the way it is because if it were different we would not be here to see it.
    6. Re:But, but. . . by AmiMoJo · · Score: 1

      Malware must be getting more efficient.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:But, but. . . by Zaatxe · · Score: 1

      Good, because that's what the laptops crave.

      --
      So say we all
  4. Re:I use chrome by 110010001000 · · Score: 4, Informative

    Why are you running Chrome without an adblocker? I really don't understand people. Use an adblocker, always. Use Ghostery if you are worried about tracking.

  5. Re:I use chrome by geekmux · · Score: 3, Insightful

    ...it's hideous how it tracks you.

    I don't have anywhere close to this unnerving tracking with Safari or Firefox.

    You're running a browser created by the same organization who has essentially indexed our digital universe, and turned that into a multi-billion dollar empire.

    At this point, shareholders practically demand perpetuating "hideous" activity.

    The irony here is Chrome users feel more secure than ever.

  6. LOL by mykepredko · · Score: 1

    What else is there to say?

    --
    Mimetics Inc. Twitter
    1. Re:LOL by speedplane · · Score: 2

      What else is there to say?

      I'm starting to feel bad for MS these days. They've gotten so much better and are no longer truly evil, but just can't win.

      --
      Fast Federal Court and I.T.C. updates
    2. Re:LOL by MightyMartian · · Score: 2

      I have Onedrive ads popping up on one of my computers every time a File save dialog opens. Microsoft is the same evil, dirty player it ever was. It just doesn't have penetration on the biggest growth platform, so it's position is more vulnerable.

      --
      The world's burning. Moped Jesus spotted on I50. Details at 11.
    3. Re: LOL by Anonymous Coward · · Score: 4, Insightful

      You shouldn't have to turn off ads on your fucking computer, there should be no ads.

    4. Re:LOL by serviscope_minor · · Score: 4, Informative

      They've gotten so much better and are no longer truly evil,

      Yeah they are. They have less utter dominance of the PC market, so have less opportunity to be evil in a very public and mustache twirling way, but don't be fooled.

      Take for example SDXC and exFAT. exFAT is a not especially good and not innovative filesystem that exists for the sole purpose for Microsoft to have osme patents on it so they can engage in rent seeking. A great example is mnaging to somehow maniuplate the SD card forum into adopting it so the only compliant cards must use it.

      It's a transparent attempt at both rent seeking and blocking open source software.

      --
      SJW n. One who posts facts.
  7. Firefox? by Gnu+Zealand · · Score: 1

    Does anyone have the results for Ff? Was it included?

    1. Re:Firefox? by Gnu+Zealand · · Score: 2

      No matter; it was in the article. (blush) "Firefox" "Firefox was back at this year’s Pwn2Own after missing last year, seemingly because the browser would’ve been too easy to hack. Things have changed a little since then, though; Firefox has gained some partial sandboxing capabilities. Two hacking attempts were made against Mozilla’s browser during the contest. Only one succeeded through an integer overflow in Firefox and an uninitialized buffer in the Windows kernel to elevate system privileges."

    2. Re:Firefox? by Anonymous Coward · · Score: 5, Funny

      The Firefox target host ran out of RAM and crashed before it could be p0wned.

  8. Re:I use chrome by AHuxley · · Score: 1

    Secure for their ads, not the users.

    --
    Domestic spying is now "Benign Information Gathering"
  9. Re:do they ever test secure configurations? by gweilo8888 · · Score: 4, Insightful

    Yes, how dare they test things in the default configuration that only 99% of users will be using.

  10. Pity, since I can't accept the EULA by Ungrounded+Lightning · · Score: 1

    Google's Chrome browser, on the other hand, remained unhackable during the contest.

    Unfortunately for me, I can't accept Chrome's EULA.

    It incorporates Adobe's, which (if I recall correctly from my AT&T Android-based smartphone) has several clauses I can't abide - including a never-compete, don't block updates, don't work on circumvention tools, we can change the license without notice, ...

    I don't intend to do anything that might come back to limit my future software work or employability. Clicking through such a license (even if every bit of it is struck down by the courts - which I'm not holding my breath expecting), especially on a device that "phones home" in a way that is easily identified with my true name, is an invitation for an all-versus-one gladiatorial match with two multibillion-dollar corporations' legal departments.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
    1. Re:Pity, since I can't accept the EULA by ChunderDownunder · · Score: 1

      Just curious, is the licensing for the open source bits, Chromium, any less scary?

      I do use Firefox as my main browser but keep Chome and/or Edge handy for 'legacy' sites that expect flash. (Oh and not pr0n, things like my university's portal. Amusingly though, the student portal recently popped an error saying Flash 9 was required and wouldn't work in either of those browsers!)

    2. Re:Pity, since I can't accept the EULA by wasteoid · · Score: 1

      I guess you're still using Lynx?

    3. Re:Pity, since I can't accept the EULA by Gravis+Zero · · Score: 1

      Unfortunately for me, I can't accept Chrome's EULA.

      It incorporates Adobe's, which (if I recall correctly from my AT&T Android-based smartphone) has several clauses I can't abide - including a never-compete, don't block updates, don't work on circumvention tools, we can change the license without notice, ...

      I don't intend to do anything that might come back to limit my future software work or employability.

      There is a distinct difference between a rational concern and paranoia. This is the later.

      paranoia : a tendency on the part of an individual or group toward excessive or irrational suspiciousness and distrustfulness of others

      --
      Anons need not reply. Questions end with a question mark.
    4. Re:Pity, since I can't accept the EULA by Anonymous Coward · · Score: 1

      When you say paranoia, are you referring to the parent poster or the EULA?

      "including a never-compete, don't block updates, don't work on circumvention tools, we can change the license without notice"

      The EULA sounds paranoid of its users.

    5. Re:Pity, since I can't accept the EULA by OpenSourced · · Score: 2

      don't work on circumvention tools

      So that's how Chrome remains unhackable!

      --
      Rome taught me patience and assiduous application to detail. Virtues which temper the boldness of great, general views.
  11. Bugs du jour by nuntius · · Score: 5, Insightful

    Interesting how well-known issues such as use-after-free, heap overflow, type confusion, and uninitialized memory are still common attack vectors.

    Seems to support the arguments for efficient, type-safe languages such as Rust.

    1. Re:Bugs du jour by Anonymous Coward · · Score: 1

      Rust doesn't have a GC, or much of a runtime really.

      Also, I imagine the entire rust standard library + anything you might call a run-time is drastically less code than Edge, and can be secured once, instead of for each application.

    2. Re:Bugs du jour by AmiMoJo · · Score: 5, Interesting

      Chrome is mostly C, and it's the only one that didn't get hacked. Relying on type-safe languages doesn't seem to be as important as designing your app to be secure from the ground up.

      Chrome is actually a pretty impressive bit of engineering. It's extremely secure, but also extremely fast. It takes unchecked, often malicious data as an input and safely and quickly displays it. There is even a high performance scripting language built in. Apparently this is quite a hard thing to do as well, since everyone else keeps failing at it.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Bugs du jour by MrVictor · · Score: 1

      The idea of Rust is cool but in real life it sucks

      - Is a Mozilla creation -> strike one
      - More articles written about it than there is code -> strike 2
      - Unsafe Rust must be used extensively in any sizeable project which renders all proselytizing about memory safety moot -> strike 3

  12. Re:How come no Russian browsers? by AHuxley · · Score: 1

    Russia learned a lot on how the CIA got the text to Khrushchev's "On the Cult of Personality and Its Consequences" speech https://en.wikipedia.org/wiki/....
    Russian staff work on paper files in secure building now.
    Stay in restricted city, town. No way MI6/CIA can get in to offer cash for file.
    In West policy created by party political think tank on web browser connected to internet.
    Many other nations read along in real time as policy correction made and then final document is prepared.

    --
    Domestic spying is now "Benign Information Gathering"
  13. Here come all of the Indians hired to to do PR by marcgvky · · Score: 2, Funny

    And the bulk of comments will be that Microsoft is so wonderful, in spite of the mega-awful flaws.... we love it! Right?

    1. Re: Here come all of the Indians hired to to do PR by Tablizer · · Score: 1

      R.T.F.L.M.

      --
      Table-ized A.I.
    2. Re:Here come all of the Indians hired to to do PR by thegarbz · · Score: 1

      And the bulk of comments will be that Microsoft is so wonderful

      You must be new here.

    3. Re: Here come all of the Indians hired to to do PR by EndlessNameless · · Score: 1

      How does your staff support VIP and execs that need access to internally and externally hosted shared calendars across iphones, android and windows pc outlook clients?

      VPN.

      Or use a web- or cloud-based application---you can still enjoy single sign-on with federation.

      How do you remotely wipe phones and laptops when an employee is terminated, and verify backups prior to issuing the wipe if needed?

      Every platform has a way to do this, including iPhone, Android, and Linux. Windows is not special.

      What process do you use to audit pc clients are patched to required compliance levels?

      Windows has no native capability to do this. You are either paying for System Center or using a third-party solution.

      People will real patching requirements cannot use the "free" WSUS since it only patches MS products and leaves other software completely unmanaged. No matter what, you have to spend money to fulfill this requirement.

      And how long would it take to hire and on board two new IT staff for $75k each (more in nyc, sf) to administer that solution set?

      As I've indicated, you need non-native tools to secure and manage Windows at the enterprise level. You will always need more than a random MCP if you're serious about security.

      My employer has no issues finding competent staff.

      --

      ---
      According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
  14. Chinese? by speedplane · · Score: 4, Interesting

    Is it just me, or was every single winner in pwn2own asian? Here's the youtube video: https://www.youtube.com/watch?...

    It's not entirely clear what Asian country everyone is from (or perhaps they're Asian-American), but assuming none of them are from the U.S., it should make those in government U.S. cybersecurity a bit anxious, and perhaps give pause to our new-found love of immigration restrictions.

    --
    Fast Federal Court and I.T.C. updates
    1. Re:Chinese? by ckatko · · Score: 4, Insightful

      US intelligence is already shitting their pants over the "failure of the last decade" if you wanted the last C-SPAN Senate hearing about the Russian/Trump thing. Seriously, watch it. It's pretty insightful (a thousand times more depth than the shit headlines CNN/MSNBC/et al are running.)

    2. Re:Chinese? by Zontar_Thing_From_Ve · · Score: 1

      It's not entirely clear what Asian country everyone is from (or perhaps they're Asian-American), but assuming none of them are from the U.S., it should make those in government U.S. cybersecurity a bit anxious, and perhaps give pause to our new-found love of immigration restrictions.

      Unlikely. The people that are in love with the restrictions don't really want anybody coming over. I have an Asian friend who lives on the other coast of the US from me. She's ethnically Chinese but immigrated by marriage from her home country to the USA. She's told me some recent stories about having white women make very prejudiced remarks towards her both at work and while shopping. And keep in mind that she's not Muslim so none of this is caused by religious wear like a hijab. People who voted for Trump are no longer afraid to hide their prejudices any more. I see some pretty shocking stuff on Facebook from a small number of people I know along these lines.

    3. Re:Chinese? by jbmartin6 · · Score: 5, Interesting

      Tencent (3 of the winning teams) is a Chinese company, the dominant player in chat/communications in China. Owns both WeChat and QQ. Not surprising they would field a strong hacking team.

      --
      This posting is provided 'AS IS' without warranty of any kind, implied or otherwise.
    4. Re:Chinese? by AmiMoJo · · Score: 1

      Far Eastern countries just invested more in developing cyber security talent, that's all.

      Immigration restrictions won't help you, the internet is global and the only countries that has an effective cyber border are all Far Eastern.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  15. Re:Wow, for that kind of money... by ChunderDownunder · · Score: 1

    Mozilla's thoughts on replacing c/c++ with rust...

  16. Re:I use chrome by darkain · · Score: 1

    Or just use Opera, which is basically Chrome Stable (none of the bullshit blind A/B testing Google does on their "stable" branch that breaks shit), has built in ad blocker, and built in VPN. The best of all worlds!

  17. Chome remained unhackable? by ColaMan · · Score: 5, Interesting

    Chrome might have remained unhackable.

    Or quite possibly people can get more money for their Chrome exploits elsewhere, so they naturally don't want to submit - and then lose - good exploits here in this competition.

    --

    You are in a twisty maze of processor lines, all alike.
    There is a lot of hype here.
    1. Re:Chome remained unhackable? by Actually,+I+do+RTFA · · Score: 1

      Or, as noted, the rules prevented some hacks from being used. Maybe all the Chrome hacks fell into that category.

      --
      Your ad here. Ask me how!
    2. Re:Chome remained unhackable? by StormReaver · · Score: 2

      Or quite possibly people can get more money for their Chrome exploits elsewhere....

      The same could be said for Internet Explorer, Safari, Firefox, and Edge. The more likely explanation is that Chrome is just more secure than the other browsers, and that Edge is just as bad as Internet Explorer (which makes sense, since Microsoft is incapable of making a decent Web browser).

    3. Re:Chome remained unhackable? by AmiMoJo · · Score: 5, Interesting

      Why couldn't they also claim the bug bounty? Google has a non-public submission process, so just submit your report a few days before the event to claim the bug bounty and then use it in the competition. Google aren't going to patch it in that time frame, and besides the version to be used is announced in advance.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Chome remained unhackable? by doug141 · · Score: 1

      An interesting point. Is it possible that Microsoft's recent boasting about Edge security attracted hackers this year? Can the public discern relative browser security from Pwn2Own? Those NSA leaks had NSA opinions on various anti-virus programs... I wonder if there's anything in there about browsers.

  18. That's not news by OneHundredAndTen · · Score: 1

    That something from Microsoft is an insecure PoS is not news - it is business as usual. Consider yourself middle-fingered, Microsoft.

  19. Re:do they ever test secure configurations? by MightyMartian · · Score: 2, Interesting

    Your web experience must be thrilling, kind of like surfing the web in 1995. Christ, just use gopher to get the full glory of the 1990s Internet experience.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
  20. So.... by BronsCon · · Score: 1

    Class action over the "Edge is the most secure browser" popups in Win 10?

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    1. Re:So.... by coofercat · · Score: 1

      There's a qualifier which is "Edge is the most secure browser *from Microsoft*". Making something less terrible than IE wasn't especially hard, but they're still trying.

    2. Re:So.... by BronsCon · · Score: 1

      Except for the fact that you're flat out wrong, whereas I merely paraphrased in order to fit several different messages (as it changes based on which browser you're launching) into a single terse statement. Microsoft never used that qualifier; they did, however, say Edge is safer than Chrome and Firefox. Funny, I've never seen that popup for IE, Opera, or any other browser that isn't Chrome or Firefox.

      But, they did specifically call out those two... then proceed to lose to them at Pwn2Own.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  21. Re:But Edge is still new compared to the others by BronsCon · · Score: 1

    You mean like the perspective they cast by popping up an "Edge is the most secure browser" message every time you click a Chrome or Firefox icon in Win 10?

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  22. The teams found out 3 months ago Chrome was secure by raymorris · · Score: 2

    The teams didn't just decide that morning "hey let's compete in Pwn2Own today". They prepared months in advance, testing all the browsers to see what they could do. Perhaps a month or two before the event, they decided which browser they had the best exploits for, the browser they would focus on during the actual competition.

    All the teams but one learned from their testing that they wouldn't be able to hack Chrome. One team thought it was their best chance and that team failed.

  23. There is a basic reason, Edge has no community by Ilgaz · · Score: 5, Interesting

    Edge isn't open source, it has no developer community, no user community like Firefox who will mercilessly bash it until it goes the right direction, no incentive to be secure.

      You can steal millions from Google with a basic, unpublished cookie hack as they are the largest advertising company on planet. So, they are damn careful about their code. Chromium which eventually ends up to be Chrome has its own community. Additionally, there is a huge privacy fanatic user community, developer community in Mozilla.

    Edge is a browser which comes with the OS, nothing else.

    1. Re:There is a basic reason, Edge has no community by ChunderDownunder · · Score: 1

      Edge isn't open source

      Its Javascript Engine is. It isn't clear from the article where exactly the vulnerabilities lay but potentially opening up the code to "many eyes" may have provided a way in, whereas crafting a Pwn without the source might have previously been trickier.

    2. Re:There is a basic reason, Edge has no community by Bert64 · · Score: 1

      But opening up the code doesn't put edge at a disadvantage, it only serves to level the playing field relative to its main competitors which are both open source.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    3. Re:There is a basic reason, Edge has no community by angel'o'sphere · · Score: 1

      Edges HTML engine seems to be WebKit.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    4. Re: There is a basic reason, Edge has no community by Ilgaz · · Score: 1

      No it isn't, it is compatible and somehow similar to WebKit but not really WebKit. It requires a real paradigm shift for MS to adopt WebKit. MS says one shouldn't worry about site compatibility if it works with Apple Safari. I think it creates the confusion.

      I actually like simple browsers using native OS functions and use less energy & CPU but not being open source and multi platform kills whole advantage.

    5. Re: There is a basic reason, Edge has no community by angel'o'sphere · · Score: 1

      Well,
      I'm working with Edge and Chrome in software development.
      The "Developer Tools" in Edge look exactly the same as in Chrome and Safari. I check tomorrow again, I doubt there is even a single pixel difference. So I assumed Edge was based on WebKit, too.

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  24. Re:I use chrome by t0y · · Score: 1

    Use Ghostery if you are worried about tracking.

    And don't forget to disable ghostery's tracking.

  25. Re:But Edge is still new compared to the others by f3rret · · Score: 1

    You mean like the perspective they cast by popping up an "Edge is the most secure browser" message every time you click a Chrome or Firefox icon in Win 10?

    That doesn't happen though, but cool of you to say it does

    --
    Admit nothing. Deny Everything. Make Counter-accusations.
  26. Re:I use chrome by l20502 · · Score: 1

    built in VPN

    You mean built in connection to it's chinese overlords?

  27. Re:I use chrome by AmiMoJo · · Score: 1

    Do you have any evidence that Chrome tracks you if you disable the safe browsing and navigation assistance stuff?

    I always ask the same question and never get any evidence. All I want is some proof that if you tell Chrome not to track you, it does anyway.

    --
    const int one = 65536; (Silvermoon, Texture.cs)
    SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  28. Re:But Edge is still new compared to the others by BronsCon · · Score: 1

    Oh, you've never seen it? I may have paraphrased, because the message is slightly different depending on which browser you're launching, but, well, it happens. In fact, it was reported here back in November.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
  29. Underpaid researchers by Robert+Goatse · · Score: 2

    $105K for 3 zero days for the VMWare escape sounds hideously low. I bet those guys could get 10x that amount 'somewhere else'.

  30. Re:I use chrome by kilodelta · · Score: 2

    There's no reason to run a browser without AdBlock and ScriptSafe. That would be my minimum.

  31. Re:Wow, for that kind of money... by Rob+Y. · · Score: 1

    Well, that brings up an obvious question. If Edge is a whole new browser - built, presumably, using the latest, 'safest' coding techniques - what does that say about the ability to make programming languages (or 'standard' techniques for coding in them) safe. After all this time, new code is still more hackable than older - but better tested - code?

    --
    Posted from my Android phone. Oh, I can change this? There, that's better...
  32. Chrome is terrible by slashmydots · · Score: 1

    If you install a completely not blocked at all malware add on to Chrome as an extension, it will not only remain unblocked because Google doesn't give a shit but it will also automatically propogate itself or at least its settings to all your other devices that run Chrome. Isn't that convenient!

  33. Tor browser is built on Firefox by davsi · · Score: 1

    Given their interest in security and privacy, I'd say this is a significant fact.

  34. Re:I use chrome by chihowa · · Score: 1

    Putting trust in corporations is stupid and trusting an advertising company (whose core business model is tracking people and building dossiers on them) to not track you is equally stupid. I don't have any evidence that they're tracking you, but you don't have any evidence that they're not and tracking you would fit their MO perfectly.

    Do what you want -- nobody cares -- but there's nothing unreasonable about distrusting Google, even in the absence of hard evidence.

    --
    If you want a vision of the future, imagine a youtube comments section scrolling - forever.
  35. Re:The headline is misleading by Pinky's+Brain · · Score: 1

    I prefer to take the capitalist point of view. Chrome exploits are more profitable when sold to criminals (state aligned or free market ones).

  36. Chrome is most certainly not unhcakable. by PJ6 · · Score: 1

    I saw a fully patched, up-to-date machine get rooted via Chrome from a malicious website not two months ago.

    Run it in a sandbox.

    Run all browsers in a sandbox, even if they say they already have one built in.

  37. Re: But Edge is still new compared to the others by pahosler · · Score: 1

    I have Win10 pro on my laptop, I've never seen a pop up from M$. I only used Edge long enough to install Chrome. My laptop is an older Lenovo R61 that never just sipped electrons anyway. Other than Chrome I haven't done any mods or disabled any services.

  38. Re: But Edge is still new compared to the others by BronsCon · · Score: 1

    You could have read the rest of the thread before posting and found an example of exactly what I'm talking about, including a screenshot and a link to where it was reported here in November. That would have been a good alternative to making yourself look like a MS shill by claiming that, since it doesn't happen to you, it must not happen at all.

    --
    APK quotes people (including myself) without context and should not be trusted. Just thought you should know.