Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Chrome Most Resilient Against Attacks, Researchers Find (helpnetsecurity.com)

Posted by msmash on from the pitting-against-each-other dept.

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.

7 of 98 comments (clear)

  1. Why even compare by volodymyrbiryuk · · Score: 5, Insightful

    Chrome to the slow kid and his autistic older brother.

    --
    sudo rm -r -f --no-preserve-root /
  2. Uh, Chrome vs Firefox is all that matters by Anonymous Coward · · Score: 5, Insightful

    Seriously, what is the point of this unless it compares Chrome to Firefox. Those are the only ones that actually matter!

    1. Re:Uh, Chrome vs Firefox is all that matters by Sigma+7 · · Score: 3, Interesting

      The point is to say "Hi, we're so skilled and want funding". Who cares about doing proper research, we're just doing enough to make a pretty 190 page document. Slightly more useful is a document that helps instruct new programmers on information on how to harden code, as opposed to a comparison on which features browsers implement.

      My opinion on the research itself: A quick scan on the document doesn't have mention of "Punycode", which was a semi-recent vulnerability which is rather important. Comparing the speed at handling that issue gives a good indicaton on the health of the browser. (For reference, Chrome, Edge and Pale Moon fix the issue. Meanwhile, Firefox fails despite an alternate version working fine. You can test you browser yourself by visitng Apple.com to see the secure lock symbol.)

  3. Are you kidding me?! by the_skywise · · Score: 3, Insightful

    We compared Chrome to one of the most reviled web browsers in the world for poor security and discovered it came out on top! You won't believe what happened next - click here!

    1. Re:Are you kidding me?! by Baron_Yam · · Score: 3, Insightful

      Yeah, without Firefox, Safari, and Opera... it's really a pointless study unless you're merely looking for documented empirical backing for common knowledge.

      Of course, the study was sponsored by Google. I'm willing to concede it was likely a fair study for what it studied, but I'd bet the scope was limited to make Chrome look better.

  4. Important paragraph from the intro by swillden · · Score: 3, Informative

    There's an important paragraph in the introduction:

    The analysis has been sponsored by Google. X41 D-Sec GmbH accepted this sponsorship on the condition that Google would not interfere with our testing methodology or control the content of our paper. We are aware that we could unconsciously be biased to produce results favorable to our sponsor, and have attempted to eliminate this by being as transparent as possible about our decision-making processes and testing methodologies.

    You can read the paper yourself to determine whether they succeeded at avoiding biasing their results. One up-front question is why they didn't include Firefox. Based on public vulnerabilities and Pwn2Own and similar competitions, FF is less secure than Chrome, but often better than Edge. Safari tends to trail by a large margin, so its exclusion doesn't surprise me, nor does the exclusion of Opera and other browsers with very small market share.

    --
    Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
  5. Re:Open Source is a failure. by brianerst · · Score: 4, Interesting

    And the memory leaks are largely caused by an unsafe extension system that is being replaced by a new, more thread-safe extension system. And the wailing and gnashing of teeth continue.

    "Firefox has memory leaks!"
    "Fixed the ones in Firefox, the rest are bad extensions (probably AdBlock)"

    "Firefox's Javascript is slow!"
    "Fixed that"

    "Firefox is slow"
    "We'll move to a new threading model that's lots faster and requires us to fix our leaky extension model too"

    "You're breaking my extensions - why don't you listen to what your users WANT???"
    [sigh...]