Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com)

← Back to Stories (view on slashdot.org)

Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com)

Posted by msmash on Tuesday September 19, 2017 @02:00AM from the pitting-against-each-other dept.

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.

52 of 98 comments (clear)

Min score:

Reason:

Sort:

Why even compare by volodymyrbiryuk · 2017-09-19 02:04 · Score: 5, Insightful

Chrome to the slow kid and his autistic older brother.

--
sudo rm -r -f --no-preserve-root /
1. Re:Why even compare by DontBeAMoran · 2017-09-19 02:37 · Score: 2
  
  http://i0.kym-cdn.com/photos/i...
  
  --
  #DeleteFacebook
2. Re:Why even compare by XXongo · 2017-09-19 03:26 · Score: 1
  
  Yeah.
  The key sentence is the last sentence in TFA:
  "It’s too bad that other popular browsers (Firefox, Safari, Opera) weren’t included in the assessment."
3. Re:Why even compare by hawk · 2017-09-19 03:46 · Score: 1
  
  Because who ever would have guessed the headline,
  Something else is more secure than Microsoft
  hawk
4. Re:Why even compare by lgw · 2017-09-19 04:20 · Score: 1
  
  Firefox has been excluded from recent hacking competitions as "too easy", sadly enough, but I'd love to see how Safari, Opera stand up.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
Uh, Chrome vs Firefox is all that matters by Anonymous Coward · 2017-09-19 02:04 · Score: 5, Insightful

Seriously, what is the point of this unless it compares Chrome to Firefox. Those are the only ones that actually matter!
1. Re:Uh, Chrome vs Firefox is all that matters by DontBeAMoran · 2017-09-19 02:09 · Score: 1
  
  Chrome, Safari and Edge are the only ones that matter in the real world. Even if you combine both Firefox and Opera they still have less marketshare than any of those three.
  
  --
  #DeleteFacebook
2. Re:Uh, Chrome vs Firefox is all that matters by Anonymous Coward · 2017-09-19 02:13 · Score: 1
  
  Not true. Firefox has more market share than Edge.
3. Re:Uh, Chrome vs Firefox is all that matters by PmanAce · 2017-09-19 02:17 · Score: 1
  
  Internet Explorer has more market share than Firefox. Edge != Internet Explorer.
  
  --
  Tired of my customary (Score:1)
4. Re:Uh, Chrome vs Firefox is all that matters by DontBeAMoran · 2017-09-19 02:17 · Score: 1, Funny
  
  Not for long. Edge's marketshare is increasing and Firefox's marketshare is decreasing.
  And unless Firefox starts listening to their users instead of doing the opposite, and starts doing that five years ago, they're doomed.
  
  --
  #DeleteFacebook
5. Re:Uh, Chrome vs Firefox is all that matters by theweatherelectric · 2017-09-19 02:36 · Score: 2
  
  Not for long. Edge's marketshare is increasing and Firefox's marketshare is decreasing.
  Edge's usage is one quarter to one third of Firefox's. It's got a way to go yet.
  
  they're doomed
  Unlikely. You should try Firefox 57. It will be released to the beta channel in a week or so.
6. Re:Uh, Chrome vs Firefox is all that matters by geekmux · 2017-09-19 02:37 · Score: 2
  
  Chrome, Safari and Edge are the only ones that matter in the real world. Even if you combine both Firefox and Opera they still have less marketshare than any of those three.
  Given the general level of ignorance and stupidity that often leads to consumers being successfully hacked and exploited, I don't know why people continue to value the metric of marketshare when it comes to mass ignorance and browser usage.
  Marketshare doesn't keep me secure. A good browser does.
7. Re: Uh, Chrome vs Firefox is all that matters by DontBeAMoran · 2017-09-19 02:38 · Score: 1
  
  #otherbrowsersmatter
  
  --
  #DeleteFacebook
8. Re:Uh, Chrome vs Firefox is all that matters by DontBeAMoran · 2017-09-19 02:45 · Score: 1, Troll
  
  Firefox has always sucked on OS X.
  
  --
  #DeleteFacebook
9. Re:Uh, Chrome vs Firefox is all that matters by DontBeAMoran · 2017-09-19 02:47 · Score: 1
  
  But marketshare is what determines which browsers are tested when making websites. Clients won't accept a 10% increase to their invoices if Firefox represents only 2% of their users.
  
  --
  #DeleteFacebook
10. Re:Uh, Chrome vs Firefox is all that matters by Sigma+7 · 2017-09-19 02:47 · Score: 3, Interesting
  
  The point is to say "Hi, we're so skilled and want funding". Who cares about doing proper research, we're just doing enough to make a pretty 190 page document. Slightly more useful is a document that helps instruct new programmers on information on how to harden code, as opposed to a comparison on which features browsers implement.
  My opinion on the research itself: A quick scan on the document doesn't have mention of "Punycode", which was a semi-recent vulnerability which is rather important. Comparing the speed at handling that issue gives a good indicaton on the health of the browser. (For reference, Chrome, Edge and Pale Moon fix the issue. Meanwhile, Firefox fails despite an alternate version working fine. You can test you browser yourself by visitng Apple.com to see the secure lock symbol.)
11. Re:Uh, Chrome vs Firefox is all that matters by ITRambo · 2017-09-19 02:58 · Score: 1
  
  For security testing the top ten, or more, should have been tested, not just Microsoft's and Google's. How does Chromium compare to Chrome? If Opera more or less secure than Firefox/ I would like to know.
12. Re:Uh, Chrome vs Firefox is all that matters by DontBeAMoran · 2017-09-19 03:04 · Score: 1
  
  Moderated "troll" by some idiot who only use Firefox on Windows.
  
  --
  #DeleteFacebook
13. Re:Uh, Chrome vs Firefox is all that matters by DontBeAMoran · 2017-09-19 03:06 · Score: 1
  
  But marketshare statistics taken from where? Web developers websites? That's why 2%. Developers use Chrome, Safari and Firefox.
  On real websites that everybody uses, Edge usage is higher than Firefox.
  
  --
  #DeleteFacebook
14. Re:Uh, Chrome vs Firefox is all that matters by that+this+is+not+und · 2017-09-19 03:23 · Score: 1
  
  If the website you create 'breaks' because of the browser that I am using, I am probably better off just not going to it ever again.
  Truths like this should frighten website creators. (note that I did not call them 'developers' or 'designers.')
15. Re:Uh, Chrome vs Firefox is all that matters by MightyMartian · 2017-09-19 04:32 · Score: 1
  
  Since when does Edge matter at all? All the statistics I've seen suggest users view Edge as their Chrome download application.
  
  --
  The world's burning. Moped Jesus spotted on I50. Details at 11.
16. Re:Uh, Chrome vs Firefox is all that matters by swillden · 2017-09-19 04:41 · Score: 2
  
  My opinion on the research itself: A quick scan on the document doesn't have mention of "Punycode", which was a semi-recent vulnerability which is rather important.
  This isn't that type of security analysis. It doesn't assess known vulnerabilities, but instead analyzes organizational and architectural characteristics to determine how likely the browsers are to resist future vulnerabilities. Both sorts of analyses are useful and informative. Rapid and effective correction of vulnerabilities discovered is an important tool for security, but so is designing for defense in depth.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
17. Re:Uh, Chrome vs Firefox is all that matters by fahrbot-bot · 2017-09-19 04:54 · Score: 1
  
  Firefox has always sucked on OS X.
  Moderated "troll" by some idiot who only use Firefox on Windows.
  More likely by someone who confuses criticism and/or contrary opinion with trolling or baiting.
  Welcome to /.
  
  --
  It must have been something you assimilated. . . .
18. Re:Uh, Chrome vs Firefox is all that matters by nashv · 2017-09-19 06:48 · Score: 1
  
  Lets put it this way. In terms of 'number of installs' , Internet Explorer and Edge win because of being bundled with Windows. The only other browser that comes relevantly close is Chrome.
  Between Chrome, Edge and Internet Explorer, you have covered about 95% of the world's consumer computers. It is obvious that their criteria is only volume...which seems to be why they have also neglected Safari.
  
  --
  Entia non sunt multiplicanda praeter necessitatem.
19. Re:Uh, Chrome vs Firefox is all that matters by thegarbz · 2017-09-19 08:02 · Score: 1
  
  Just what in the Firefox market share figures makes you think it remotely matters?
Re:Open Source is a failure. by DontBeAMoran · 2017-09-19 02:20 · Score: 2

Firefox is but one open source projet. And the failure is not in being OSS, it's in not listening to their users, i.e. the users keep saying for years that your program has memory leaks, that you should fix that instead of adding more bloated features that nobody asked for, and all you do is put your fingers in your ears and go "la-la-la-I can't-hear-you-la-la-la" then of course you're going to fail.

--
#DeleteFacebook
Are you kidding me?! by the_skywise · 2017-09-19 02:24 · Score: 3, Insightful

We compared Chrome to one of the most reviled web browsers in the world for poor security and discovered it came out on top! You won't believe what happened next - click here!
1. Re:Are you kidding me?! by Baron_Yam · 2017-09-19 02:35 · Score: 3, Insightful
  
  Yeah, without Firefox, Safari, and Opera... it's really a pointless study unless you're merely looking for documented empirical backing for common knowledge.
  Of course, the study was sponsored by Google. I'm willing to concede it was likely a fair study for what it studied, but I'd bet the scope was limited to make Chrome look better.
2. Re:Are you kidding me?! by DontBeAMoran · 2017-09-19 02:40 · Score: 2
  
  This is probably how it went...
  Chrome vs Safari and Firefox: Chrome is 1.27% better.
  Chrome vs the retarded Duo (Internet Explorer and Edge): Chrome is 45.9% better.
  "Let's use the 45.9% one."
  
  --
  #DeleteFacebook
3. Re:Are you kidding me?! by swillden · 2017-09-19 05:08 · Score: 1
  
  This is probably how it went...
  Chrome vs Safari and Firefox: Chrome is 1.27% better. Chrome vs the retarded Duo (Internet Explorer and Edge): Chrome is 45.9% better.
  "Let's use the 45.9% one."
  Well, if you look at vulnerabilities and hacking competitions, FF is perhaps a bit better than Edge, but Safari is far worse. I think the choice was mostly made based on what enterprises are likely to use, since enterprise security is the main focus. That means the relevant OS is Windows, and enterprises typically either (a) use what comes with the OS (IE/Edge) or (b) use Chrome. Enterprise use of FF is rare AFAICS.
  
  --
  Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Not surprisingly. by Qbertino · 2017-09-19 02:38 · Score: 2

Chrome is a pillar of Googles strategy against Apple, Facebook and MicroSoft. They'd be stupid to let things slide with Chrome.

--
We suffer more in our imagination than in reality. - Seneca
Important paragraph from the intro by swillden · 2017-09-19 02:41 · Score: 3, Informative

There's an important paragraph in the introduction:

The analysis has been sponsored by Google. X41 D-Sec GmbH accepted this sponsorship on the condition that Google would not interfere with our testing methodology or control the content of our paper. We are aware that we could unconsciously be biased to produce results favorable to our sponsor, and have attempted to eliminate this by being as transparent as possible about our decision-making processes and testing methodologies.
You can read the paper yourself to determine whether they succeeded at avoiding biasing their results. One up-front question is why they didn't include Firefox. Based on public vulnerabilities and Pwn2Own and similar competitions, FF is less secure than Chrome, but often better than Edge. Safari tends to trail by a large margin, so its exclusion doesn't surprise me, nor does the exclusion of Opera and other browsers with very small market share.

--
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
Being as how Chrome users... by EzInKy · 2017-09-19 02:42 · Score: 1

...surrender all there personal info to google, I can see how this can be so.

--
Time is what keeps everything from happening all at once.
Shit comparison, shit software by The123king · 2017-09-19 02:43 · Score: 1

That's like comparing a pile of shit and a bucket of shit to a rose. which one will smell better?

--
If you gave me a choice between a printer and a giraffe with explosive diarrhoea, i'll get my ladder and my raincoat
Re:Open Source is a failure. by brianerst · 2017-09-19 02:55 · Score: 4, Interesting

And the memory leaks are largely caused by an unsafe extension system that is being replaced by a new, more thread-safe extension system. And the wailing and gnashing of teeth continue.
"Firefox has memory leaks!"
"Fixed the ones in Firefox, the rest are bad extensions (probably AdBlock)"
"Firefox's Javascript is slow!"
"Fixed that"
"Firefox is slow"
"We'll move to a new threading model that's lots faster and requires us to fix our leaky extension model too"
"You're breaking my extensions - why don't you listen to what your users WANT???"
[sigh...]
Link to actual research by xxxJonBoyxxx · 2017-09-19 02:58 · Score: 2

Link to actual research:
https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf

because Slashdot editors are lazy. More seriously, this paper appears to be a must-read if you're responsible for desktop or other end-user security. (The examples are great.)
Re:Open Source is a failure. by DontBeAMoran · 2017-09-19 03:07 · Score: 1

Never used any extension with Firefox. Still sucked on OS X.

--
#DeleteFacebook
Firefox 57 will likely destroy Firefox. by Anonymous Coward · 2017-09-19 03:15 · Score: 2, Informative

Your attitude is a perfect example of why Firefox is on its way out. If you knew anything about Firefox 57 you'd know that it could very well be the final nail in Firefox's coffin. You would not be recommending that users look forward to it!
Firefox 57 is due in November, and it's the first release that's supposed to only support WebExtensions extensions. This will very likely break many existing extensions. Due to differing capabilities between the existing extension model and WebExtensions it may not even be possible to reimplement some existing extensions!
So I think we'll see two things happen:
1) A small number of Firefox users will continue to use pre-57 versions, so they can continue to use extensions that won't be or can't be supported in Firefox 57 and beyond.
2) A much larger number of Firefox users will move to Chrome (or Chromium) and never look back. If all of their extensions use a Chrome-like model, there's no reason to use Firefox. In my experience, and that of many other people, Firefox is very slow, bloated, and memory-hungry compared to Chrome. I'm sure you'll parade some bullshit "benchmarks" showing otherwise, but these benchmarks don't correspond at all to the actual experience of using Firefox and feeling just how less responsive it is than Chrome.
Firefox's market share is already pretty pathetic. Firefox 54 has only 2.94% of the market. Firefox 55 has only 1.19%. Firefox 52 has 0.49%. The rest of Firefox's releases, including Firefox for Android, are well under 1%. Many of them are in the 0.01% to 0.05% range.
I wouldn't be at all surprised if Firefox 57 knocks Firefox down to the 1% to 2% range.
Firefox is already pretty irrelevant now that's down to about 5%. When it's down to the lowest of the low single-digit percentages, the chance of a recovery will basically become non-existent. And once the Yahoo search deal expires, it's doubtful that any other organization will want to sign a search deal with Mozilla. Why would they, if Firefox has only 1% or maybe 2% of the market at that time? Firefox's future will be even bleaker than it already is if Mozilla were to lose out on their main source of income.
You hype Firefox 57 as if it's a good thing. The evidence suggests otherwise. It shows that Firefox 57 has the potential to be the most disastrous release in Firefox's history, even worse than the early rapid-release extension breakage debacle and even worse than the Australis debacle.
1. Re:Firefox 57 will likely destroy Firefox. by theweatherelectric · 2017-09-19 03:24 · Score: 2
  
  Your attitude is a perfect example of why Firefox is on its way out.
  What attitude is that? Rationality?
  
  If you knew anything about Firefox 57 you'd know that it could very well be the final nail in Firefox's coffin.
  Unlikely. Use Firefox 57 first, talk second.
Time to broaden the definition by slashmydots · 2017-09-19 03:17 · Score: 1

It literally synchronizes malicious adware and malware extensions across multiple devices automatically. They're doing nothing about bad plugins and extensions either and that is what affects the majority of end users. So it's basically the least secure.
Re:Open Source is a failure. by TheDarkMaster · 2017-09-19 03:17 · Score: 1

Shut up asshole, I'm not even a "FOSS lawyer" (I develop for closed government projects), I'm just pointing out the obvious you're apparently unable to understand.

--
Religion: The greatest weapon of mass destruction of all time
Re:Open Source is a failure. by that+this+is+not+und · 2017-09-19 03:28 · Score: 1

In your long rant, you didn't mention any software project that is actually inferior.
But keep it up, if you are bored and have time to waste.
Re:Firefox, Safari, and Opera were not included by that+this+is+not+und · 2017-09-19 03:33 · Score: 1

Why would Safari be included? It requires a hardware dongle that most of us don't possess.
I have the Safari for Windows installer for version 5.34.51.22 but that's a version from 10/2014 and Apple hasn't released anything newer. It's producer has made it irrelevant to 'the rest of us.'
Pointless advert by Voice+of+satan · 2017-09-19 04:05 · Score: 1

Pointless advert disguised as research. Did RTFA. Lost my time. Without including other browsers and OSes this has little value.
Re:Memory leak by OneHundredAndTen · 2017-09-19 04:21 · Score: 1

Just the orher day i was on a websight ... Seems like they all still have work to do.
And you have to attain 6th grade English level.
Useless report by campuscodi · 2017-09-19 04:45 · Score: 1

This research is useless because they only compared it to Edge and IE. Of course it was better. All browsers are better than those 2. Furthermore, the study was sponsored by Google, which explains why it's so Chrome positive. https://www.x41-dsec.de/securi...
requisite snark by thegreatbob · 2017-09-19 05:09 · Score: 1

Shame Firefox can't rip off this feature/design aspect too.

--
There is no XUL, only WebExtensions...
Re: Open Source is a failure. by cm5oom · 2017-09-19 05:20 · Score: 1

Somehow browsers like Chrome, Safari, and Edge manage to avoid these problems that Firefox suffers from. Maybe it's because their developers are smart enough to avoid the problems in the first place, and don't go blaming everybody and everything else.
Funny you should say that considering firefox is switching to the extension api that chrome uses. Maybe you're more right then you know. To spell it out for those who can't follow along maybe the extention api really is the problem.
Re:Ridiculous by koreanbabykilla · 2017-09-19 06:38 · Score: 1

My work IT dept only allows a very small whitelist of extentions to be installed on chrome. Perhaps you should implement this at your IT department ?
Calendar by Thelasko · 2017-09-19 06:42 · Score: 1

I feel it should be noted that they separated Thunderbird and Lightning into two separate entries in the survey. For those unaware, the calendar plugin for Thunderbird is Lightning. Therefore, they should be counted as one. Doing so would make them the winner hands down. Unfortunately, since the separated them, Gnome-Calendar was the winner.

--
One of our competitors trademarked the term "hypothesis". From now on, we will call them "boneheaded ideas".
makes sense by bobmajdakjr · 2017-09-19 07:42 · Score: 1

google cannot allow others to get access to the data they are harvesting about you, then they would lose their edge. makes sense they might have tried a little harder than mozillderp.
Re:Open Source is a failure. by thegarbz · 2017-09-19 08:04 · Score: 1

And yet at the time when Firefox started getting some serious criticism it was one of the fastest and memory friendly browsers on the market. You know what we can do to improve that? Fuck with the user interface, add things no one wants, force people to write shitty extensions to make Firefox act the way it used to and .... oh look those extensions are buggy and make it all slow.
The things you listed are bug fixes, not "what the users want".