Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs (bleepingcomputer.com)

Posted by BeauHD on from the testing-in-progress dept.

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.

105 comments

  1. Simple Fix by sexconker · · Score: 0

    Turn off javascript and related scripting shit.

    1. Re:Simple Fix by Anonymous Coward · · Score: 1

      Turn off javascript and related scripting shit.

      It's not that simple. Try using Google without JS. There are tons of other sites with the same problem.

    2. Re:Simple Fix by Anonymous Coward · · Score: 0

      Yeah, real simple. Can't be vulnerable on something you can't use. Why not shut down your computer and lock it in a safe while you're at it.

    3. Re:Simple Fix by amiga3D · · Score: 3, Interesting

      It's gotten to the point I do banking on a distro I run off a thumb drive on my laptop. It's designed for security from the ground up and that is the only thing I use it for. As to surfing the web and everything else I don't worry too much and just use the standard Ubuntu on the hard drive.

    4. Re:Simple Fix by Anonymous Coward · · Score: 2, Informative

      It's not that simple. Try using Google without JS.

      Actually, google search works ok without javascript. Google mail still has a basic lite mode too. The rest of google won't work without javascript.

      There are tons of other sites with the same problem.

      Yes, and they are badly written. Compare to amazon - it works with any browser, with or without javascript, because amazon knows you won't buy if their website won't work in the customer's browser.

    5. Re:Simple Fix by that+this+is+not+und · · Score: 1

      Yeah, real simple. Can't be vulnerable on something you can't use. Why not shut down your computer and lock it in a safe while you're at it.

      Are you angry because you're a 'Web Developer' and people might not be able to run your 'code'?

    6. Re:Simple Fix by Khyber · · Score: 1

      "Try using Google without JS"

      Proof that Google engineers are shit at real coding.

      Hey, Google Engineers, before you do your mass downvote moderation, try explaining why your stuff is so shit in the first place.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    7. Re:Simple Fix by Anonymous Coward · · Score: 0

      You lost that battle 10 years ago. The web is straight-up broken without javascript.

    8. Re:Simple Fix by reboot246 · · Score: 1

      Javascript is ruining the internet, IMO.

    9. Re:Simple Fix by Anonymous Coward · · Score: 0

      Ah. The Luddites are out in force today.

    10. Re:Simple Fix by ArylAkamov · · Score: 1

      Yea and Intel's ME is there to fuck that over.

      You don't do your banking on a thinkpad x60 or libreboot'd thinkpad? What are you, a pleb?

    11. Re:Simple Fix by Anonymous Coward · · Score: 0

      The internet deserves javascript.

    12. Re:Simple Fix by Anonymous Coward · · Score: 0

      As if Luddite was an insult, you stupid tech-fetishist retard. Don't you have some money to be wasting on useless gadgets or something? Maybe that new iPhone will fill the gaping hole in your heart. Maybe this time will be different...

    13. Re: Simple Fix by Anonymous Coward · · Score: 0

      Don't use browser that supports javascript. FTFY

    14. Re:Simple Fix by amiga3D · · Score: 1

      It's plenty secure. Most of the people I know that get hit are the ones using an Android phone of all things. Hackers are lazy too and they tend to hit the low hanging fruit.

    15. Re:Simple Fix by Anonymous Coward · · Score: 1

      There is still another fight to take.
      Cross site scripting.

      If I go to one page I don't really mind that much if that page has to run some scripts to work.
      What I don't see a reason for is for that page to pull in scripts from third party sources that I may or may not trust.

      Most pages works fine without them, but those who don't should be considered broken.

    16. Re:Simple Fix by Anonymous Coward · · Score: 0

      That is one of the reasons I picked the bank I did.
      Their security system is based on an airgapped code generator.
      They send me a code to verify the transaction, I enter it into the generator and send back the result.
      The code they send me is based on the action I want to take. If I am verifying transactions to a new account it will be based on the account number. If I'm doing a transaction the code is based on the amount I'm sending.

      If their domain is hijacked I will still notice if the codes sent to me aren't what I want to do.
      If my computer is compromised the attacker can't do anything since the generator is airgapped.
      They can feed me fake codes, but again, I will notice that the code isn't for what I want to do.

    17. Re: Simple Fix by Anonymous Coward · · Score: 0

      What you have described is not what âoeair gappedâ usually means. If it where a real âoeair gapped âoe system then after each transition you would have to go to the bank, go to there shielded room and look at the code there.

      From what you have described- this is at best isolated systems. But even that is likely not true, since the code generating system needs to know that there was a transaction, and type of transaction, then it must be linked to transaction systems.

    18. Re: Simple Fix by Anonymous Coward · · Score: 0

      Dad? Is that you?

    19. Re:Simple Fix by arglebargle_xiv · · Score: 1

      Also, if they were testing it on the "top five browsers", why was Firefox included in the list? That's barely a blip in the market any more, and will be even less so after November.

    20. Re:Simple Fix by Anonymous Coward · · Score: 0

      The top 5 browsers in August were:
      1. Chrome
      2. IE
      3. Firefox
      4. Edge
      5. Safari
      (reference: https://www.netmarketshare.com/browser-market-share.aspx?qprid=2&qpcustomd=0)

      Whether that's believable or not, I can't say, but if they got their information from a similar source, it would seem logical for firefox to be on that list, as the information makes the claim that FF > edge > Safari.

    21. Re:Simple Fix by Morris+von+Habsburg · · Score: 1

      Javascript is running the internet.

    22. Re:Simple Fix by Anonymous Coward · · Score: 0

      they don't want to show you up?

  2. What an impartial study! by Anonymous Coward · · Score: 3, Funny

    Google finds their own browser is best. News at 11.

    1. Re:What an impartial study! by Anonymous Coward · · Score: 3, Funny

      Apple's reply was that while Safari was not the first, it was the best-looking one.

    2. Re: What an impartial study! by Anonymous Coward · · Score: 1

      I am shocked!

      Next up google disables other browsers from accessing google.com search results, "for your safety".

    3. Re:What an impartial study! by K.+S.+Kyosuke · · Score: 3, Insightful

      Maybe the same or similar group of people who wrote the tool also wrote the part of the browser that the tool tests, using similar approaches?

      --
      Ezekiel 23:20
    4. Re:What an impartial study! by mangastudent · · Score: 4, Informative

      Fuzzers are pretty impartial, and I don't find it hard to believe that the Chromium/Chrome team is the best at security.

    5. Re: What an impartial study! by Anonymous Coward · · Score: 0

      Gee, you donâ(TM)t think they tested their tool on their browser and fixed the bugs before releasing their results, do you?

    6. Re: What an impartial study! by DontBeAMoran · · Score: 1

      Of course not! That would be evil, the very thing we all know Google does not do.

      --
      #DeleteFacebook
    7. Re: What an impartial study! by that+this+is+not+und · · Score: 0

      Nonetheless, if they've fixed their browser's bugs, the bugs are fixed.

      Does Apple have a crack team who are going to look at this and fix all those bugs pronto? Or are they busy making sure the security perimeter around the walled garden is tight?

    8. Re:What an impartial study! by swillden · · Score: 5, Interesting

      Fuzzers are pretty impartial, and I don't find it hard to believe that the Chromium/Chrome team is the best at security.

      Also, I know a couple of people on the Project Zero team, and they treat Google absolutely different from anyone else. They attack everything, regardless of origin, with equal gusto and skill and have a strict, no-exceptions-ever 90-day public disclosure policy. I work on Android and Project Zero has even 0day'd us a couple of times, publishing existing vulns in Android that we haven't gotten fixed within the 90 day window.

      It's interesting working with PZ team members directly because even though they're Google employees, they are not subject to the standard employee NDA. More than one time I've had one of them stop me mid-sentence to remind me that they are not allowed to hear non-public information... and that if I tell them anyway they are not obligated to keep it secret.

      Project Zero is employed by Google, but that means nothing to them. And, strangely enough, Google is totally fine with that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    9. Re:What an impartial study! by swillden · · Score: 2

      they treat Google absolutely no different

      Gah. I reorganized that sentence and in the process lost the most important word.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    10. Re:What an impartial study! by Anonymous Coward · · Score: 0

      I can't say about security, but certainly the front-end team at work have lodged a few bug reports regarding Chrome/Chromium and Google love to close them as won't fix, usually with a pretty lame excuse. The best was an incorrect implementation of cache control, which the other browsers (even Safari) all implement the same and all work as expected. The Chrome team insisted that everyone else was wrong, even though the Chrome implementation very clearly doesn't match the spec. We've had to do more workarounds for Chrome than any other browser, although Safari is pretty close. It doesn't exactly inspire confidence in their development process.

    11. Re:What an impartial study! by andrewbaldwin · · Score: 1

      What would Mandy Rice-Davies say??

    12. Re:What an impartial study! by Anonymous Coward · · Score: 0

      I'd imagine Googe designed this test in good faith and using best pratices. Now, wither or not they released the test straight away, or ran it and then fixed some bugs it found in Chrome to assure them top spot, is another matter..

    13. Re:What an impartial study! by Anonymous Coward · · Score: 0

      dw anyone who read more than the first sentence can see that.

    14. Re:What an impartial study! by TheFakeTimCook · · Score: 1

      Fuzzers are pretty impartial, and I don't find it hard to believe that the Chromium/Chrome team is the best at security.

      Does the test actually test Browser "Security" (Whatever that means)? I thought it was testing how well the Browser-Under-Test was implementing the Document Object Model (or, at least, Google's interpretation of same)?

    15. Re:What an impartial study! by Anonymous Coward · · Score: 0

      Note to black hats: Android security people will apparently blab non-public information to anybody and routinely don't fix disclosed zero-day security bugs in a three month window. They also appear surprised that other security people have more interest in security than demonstrating their fealty to the Googlehive.

  3. no surprise about safari by Anonymous Coward · · Score: 0

    it's shit, the new IE6.

    1. Re:no surprise about safari by that+this+is+not+und · · Score: 1

      Who would even run Safari in the first place? On my phone and tablet I have Chrome, Firefox, and Opera (not the 'mini' skin) installed and use them all.

      Is there a corporation that forces people to run Safari?

    2. Re:no surprise about safari by Anonymous Coward · · Score: 0

      Who would even run Safari in the first place?

      Anyone that has an IQ larger than their shoe size. Chrome, Firefox and Opera are a pieces of shit. Only morons use them.

    3. Re:no surprise about safari by dgatwood · · Score: 4, Informative

      Is there a corporation that forces people to run Safari?

      Apple. On iOS, all browsers (even Chrome) are actually running Safari's rendering engine, with the exception of browsers that run all the JavaScript server-side. The reason for this is that Apple won't let apps run non-Apple JavaScript engines out of concerns about security. (The irony here is not lost on me.)

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    4. Re:no surprise about safari by that+this+is+not+und · · Score: 1

      Your scatological interests aside, did you have anything to add to the discussion?

    5. Re:no surprise about safari by Anonymous Coward · · Score: 0

      Yes, you’re a moron.

    6. Re: no surprise about safari by Anonymous Coward · · Score: 0

      You've convinced me with your impeccable logic, sir!

    7. Re: no surprise about safari by Anonymous Coward · · Score: 0

      You've convinced me with your impeccable logic that I’m a faggot!

      Fixed that for you.

    8. Re:no surprise about safari by AHuxley · · Score: 1

      Re "Who would even run Safari in the first place?"
      People using Keychain Access to look after the passwords.
      Safari fills them in so a user can log in to many different web sites and forums.
      https://en.wikipedia.org/wiki/...

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:no surprise about safari by Anonymous Coward · · Score: 0

      (The irony here is not lost on me.)

      It is not ironic. Apple had both a generic ban against running anything that wasn't Objective-C and anything that could be used to run non appstore applications (scripting engines included) several years ago. Basically the only reason Apple even allows a scripting engine on its own browser is that the alternative would break almost all websites. The security reasoning is at best an excuse thought up after the fact.

    10. Re:no surprise about safari by TheFakeTimCook · · Score: 1

      Is there a corporation that forces people to run Safari?

      Apple. On iOS, all browsers (even Chrome) are actually running Safari's rendering engine, with the exception of browsers that run all the JavaScript server-side. The reason for this is that Apple won't let apps run non-Apple JavaScript engines out of concerns about security. (The irony here is not lost on me.)

      I think that restriction may be loosening. There is a hint that the latest Firefox for iOS is not running WebKit.

      But I might have misconstrued what I read yesterday.

    11. Re:no surprise about safari by dgatwood · · Score: 1

      Apple had both a generic ban against running anything that wasn't Objective-C and anything that could be used to run non appstore applications (scripting engines included) several years ago.

      That's not entirely accurate. You could always run JavaScript with JavaScriptCore. What you could not do was use downloaded, interpreted code to significantly change the functionality of the app. For an app like a web browser, the website's content is not part of the app's functionality, so you could use JavaScriptCore. One could reasonably argue that if you could find a way to transpile games into JavaScript and run them in WebKit, you could even have something like a game emulator, though AFAIK that theory has never been tested.

      Either way, the main purpose was to ensure that an app could be properly reviewed before making it available on the store. If an app changes its functionality dramatically after the fact, that makes a proper review impossible. And reviewing arbitrary interpreters isn't particularly practical, either.

      The security reasoning is at best an excuse thought up after the fact.

      That's not really true. The reason they don't allow it is because JavaScript engines typically use JIT compiling to create native binary code and run it at a decent speed. Unless you want the third-party engines to be as slow as UIWebView's JavaScript interpreter (which doesn't use JIT compiling), Apple would need to allow select third-party apps to run unsigned code, which does, in fact, significantly increase the potential for all sorts of exploits (including jailbreaks).

      iOS allows unsigned code to run only within a special, highly privileged execution context. Initially, only Safari ran in such a context. Many years later, their out-of-process execution/IPC became fast enough and transparent enough to make WKWebView practical, at which point they were able to relax that restriction somewhat and allow third-party apps to run JavaScript code. It is possible that Apple could eventually be convinced to allow third-party browsers to do JIT compiling and run unsigned code in such a context (within an entirely separate sandbox with no filesystem access), but it will be a long, uphill battle.

      The question is not whether there's a security benefit from that limitation, but rather whether the security damage caused by a JavaScript interpreter monoculture exceeds the security benefit from not having random interpreters with the ability to run arbitrary code.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

  4. I take it we're all supposed to know... by nuckfuts · · Score: 1

    what a DOM engine is.

    1. Re:I take it we're all supposed to know... by fibonacci8 · · Score: 5, Funny

      It's a system where a SUB is required to create a "safe word" 6 to 14 characters long containing at least one capital letter, at least on numeric digit, and at least one punctuation mark.

      --
      Inheritance is the sincerest form of nepotism.
    2. Re:I take it we're all supposed to know... by K.+S.+Kyosuke · · Score: 1

      Four words, all uppercase.

      --
      Ezekiel 23:20
    3. Re:I take it we're all supposed to know... by Anonymous Coward · · Score: 0, Funny

      CORRECT HORSE BATTERY STAPLE?

    4. Re:I take it we're all supposed to know... by hord · · Score: 4, Informative

      DOM = Document Object Model

      The DOM engine is what is responsible for parsing HTML/CSS, converting it into a tree, and then rendering the tree to the client area in the browser. It's essentially the core of the browser and presents a programmatic API along with JavaScript. It may also be used to render UI elements. For example, all of Chrome's plugins use HTML/CSS to create the menus you see in the options and menu screens.

    5. Re:I take it we're all supposed to know... by DontBeAMoran · · Score: 1

      Now you see what the web monkeys feel like when Slashdot posts articles about security or networking.

      --
      #DeleteFacebook
    6. Re:I take it we're all supposed to know... by DesertNomad · · Score: 1

      Are web monkeys different from spider monkeys?

    7. Re:I take it we're all supposed to know... by tommeke100 · · Score: 1

      Well, a DOM parser is an XML parser. HTML is XML.

    8. Re:I take it we're all supposed to know... by hord · · Score: 1

      Yes and no. HTML has a lot of non-XMLisms that require special handling in the engine. I think the common strategy is to use a set of recommendations for transforming HTML errors into valid trees which are equivalent to well-formed XML. In memory there is no difference between the two because they are both trees. Technically JSON, YAML, S-expressions, and various other hierarchical serialization formats are also equivalent. In fact, I'm curious why Google hasn't replaced HTML with JSON at this point.

    9. Re:I take it we're all supposed to know... by Anonymous Coward · · Score: 0

      Replacing HTML with XML (XHTML) failed and its quite likely that any attempt to replace HTML with JSON (we could call it JHTML) would fail for the same reasons.

    10. Re:I take it we're all supposed to know... by MrL0G1C · · Score: 1

      Ah thanks, that's my password, but I can never remember it.

      --
      Waterfox - a Firefox fork with legacy extension support, security updates and better privacy by default.
  5. Not suprising by Billly+Gates · · Score: 3, Informative

    Safari is Apple's IE 6 of this decade. It hasn't been updated in a long time and they can no longer piggy back both Google and Konqueror for new code since Chrome forked -webkit with -blink.

    I worked for a famous software supporting their cloud software. Safari was the one browser which always had trouble with even drag and dropping files. Something rudimentary in the HTML 5 standard. Even IE 9 from 2011 can easily support this.

    Sometimes Safari would work. Sometimes it would not and the Apple users always get mad at us for some reason never blaming their shitty browser.

    --
    http://saveie6.com/
    1. Re:Not suprising by Anonymous Coward · · Score: 0, Flamebait

      Sometimes Safari would work. Sometimes it would not and the Apple users always get mad at us because we build a piece of shit website.

      Fixed that for you.

    2. Re:Not suprising by Anonymous Coward · · Score: 1

      Apple users always get mad at us for some reason never blaming their shitty browser.

      ... They are Apple users for a reason

    3. Re:Not suprising by Ironman126 · · Score: 1, Insightful

      Apple has relied on its brand status for years. They've consistently put out decent, albeit iterative, products, but they've failed to keep pace with the competition in areas that actually matter, like having a usable web browser. At what point does the weight or volume of a laptop or the maximum resolution of a phone's camera take a back seat to actual product improvements? I my college posts warnings on the course webpages: "Does not work correctly on Safari, use Firefox or Chrome." The security failings are just rancid icing on the spoiled cake.

    4. Re: Not suprising by Anonymous Coward · · Score: 1

      Safari crashes a lot, has no modern features of any note, and essentially is no better functionally than Netscape 2.0.

      I use Safari exclusively and I can tell you you are completely full of shit.

    5. Re:Not suprising by Anonymous Coward · · Score: 0, Informative

      I my college posts warnings on the course webpages: "We are incompetent and can’t build a website correctly."

      Fixes that far you. Safari is the only web browser that isn’t a complete piece of shit.

    6. Re: Not suprising by Anonymous Coward · · Score: 0

      Moron. Where’s my completely useless feature that nobody cares about.

      Fixes that for you.

    7. Re: Not suprising by Old97 · · Score: 4, Informative

      Funny because I also use Safari and I run Adblock - right now in fact. There are tons of extensions and privacy features. The ad industry is up in arms about the latest Safari feature - no allowing the ad networks to track you across different web sites. I suspect you don't use Safari at all because you don't know anything about it. Do you work for Google or Microsoft?

      --
      Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
    8. Re: Not suprising by that+this+is+not+und · · Score: 0

      I use Safari exclusively and I can tell you you are completely full of shit.

      Stockholm Syndrome?

    9. Re: Not suprising by Anonymous Coward · · Score: 0

      No because you see I, unlike you, have an IQ bigger than an ant. That’s why I only use Safari.

    10. Re: Not suprising by Anonymous Coward · · Score: 0

      Where's my ad block? How do I add extensions and add ons? What privacy features does it have?

      https://safari-extensions.apple.com
      https://getadblock.com
      https://www.cnet.com/news/apple-rejects-ad-industry-complaint-over-safari-privacy/

      In short you’re completely full of shit.

    11. Re: Not suprising by Anonymous Coward · · Score: 0

      Sure buddy. Your super awesome.

    12. Re:Not suprising by that+this+is+not+und · · Score: 1

      Did Apple blow it's troll budget in the week after the latest iGadget announcement, and you're the level of troll they can afford now?

      Tim! Don't scrimp on your 'evangelism' budget. Where are the top tier trolls you usually deploy on any Apple topics?

    13. Re: Not suprising by Khyber · · Score: 0

      I worked for Apple and I can tell you that you're completely full of shit. Idiots sending in their laptops because the web browser wouldn't work with a website. Good day you apologist shill fuckwit.

      --
      Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
    14. Re: Not suprising by Anonymous Coward · · Score: 0

      I’m lying about having worked for Apple and I can tell you that you're completely full of shit. Idiots sending in their laptops because the web browser wouldn't work with a website. Good day you apologist shill fuckwit.

      Fixed that for you.

    15. Re:Not suprising by Anonymous Coward · · Score: 0

      I’m a faggot.

      Fixed that for you.

    16. Re:Not suprising by Anonymous Coward · · Score: 0

      Wow; you fix stuff almost as well as apple writes secure browsers.

    17. Re: Not suprising by Demena · · Score: 1

      Because nothing in your fucking post was accurate. Simply not worth responding to. You are either ignorant or a liar. You can pick both if you want to.

    18. Re:Not suprising by Anonymous Coward · · Score: 1

      How are any of your posts moderated over zero? Safari was last updated a couple days ago. There was even a Slashdot post last week that discussed how some advertising firms were upset because the latest Safari blocks cookies that track users across multiple sites.

    19. Re:Not suprising by Billly+Gates · · Score: 1

      How are any of your posts moderated over zero? Safari was last updated a couple days ago. There was even a Slashdot post last week that discussed how some advertising firms were upset because the latest Safari blocks cookies that track users across multiple sites.

      Yep which is why even Microsoft scores higher than safari and until recently scored on par with IE!

      --
      http://saveie6.com/
    20. Re:Not suprising by Anonymous Coward · · Score: 3, Insightful

      Safari in High Siera score 457. Safari loses 11 points as it doesn't support Ogg, WebM. 11 points lost because they don't support something that isn't useful (unless you have a 4k screen and want to watch new 4k youtube vids). WebP and JPEG-XR add in another 2 useless points missing.

      This is the problem with html5test. It includes so many features which are of no interest to the majority of people. WebVR? How the fuck is this relevant to how good a browser is?

      html5test is setup to make Chrome look better.

      For the record Edge scores 496. Firefox 484. So Microsoft scores higher than Mozilla! IE scores 312

    21. Re: Not suprising by Anonymous Coward · · Score: 0

      I used to use safari exclusively, so I can tell you: you are full of shit.

    22. Re: Not suprising by Anonymous Coward · · Score: 0

      Moron. Where’s my completely useless feature that nobody cares about.

      Fixes that for you.

      You seriously expect anyone to believe that ad blockers are a useless feature? you must trolling... if not, you must be a well trained consumer, a ripe advertising target indeed.. I suppose there is a third possibility, brainwashed none the less:

      your actions could be blindly defensive, protect "Safari", a hallowed member of the inner circle of characters bestowed upon the world by Apple, for to impurify the biblical text that is your Apps directory with a browser from a non-ideology would be nothing less than blasphemous (of course these are not conscious thoughts, but the Apple affect non the less)... thus you are irrationally bound to safari, defend it's flaws and dismiss shortcomings that you are not aware of through lack of experience, because until you free yourself of the dogmatic thinking that Apple seems to infect people with, you will never be open to trying new things, and therefor will lack the ability to judge such things without bias and irrationality.

      Alternatively I could just shout "Apple fan boi" but at least you stand a chance of doing a little introspection this way, (please do, and then help free the others).

    23. Re:Not suprising by that+this+is+not+und · · Score: 1

      You're a bassoon?

    24. Re: Not suprising by Anonymous Coward · · Score: 0

      No because you see I, unlike you, have an IQ bigger than an ant. That’s why I only use Safari.

      LOL!! this has to be astroturfing? or are these safari only people really this fucked up.

    25. Re:Not suprising by Anonymous Coward · · Score: 0

      Fixes that far you. Safari is the only web browser that is a complete piece of shit.

      Fixed that for you.

  6. IE? by Anonymous Coward · · Score: 0

    Seriously? They tested IE but not other browsers?
    I mean, I get it, IE still has a bigger user base than many other third party browser out there... but come on!

    1. Re:IE? by Anonymous Coward · · Score: 0

      Opera? It's owned by the Chinese (RED) government. Yeah, even Teh G ain't that stupid.

  7. Did Firefox even load? by Anonymous Coward · · Score: 0

    I can't even get it to run anymore. Piece of shit.

    1. Re:Did Firefox even load? by Anonymous Coward · · Score: 0

      Try updating it. Nobody uses Firefox 2.0 anymore.

  8. Man oh man by 93+Escort+Wagon · · Score: 2

    I can't believe so many of you are such zealots when it comes to your web browser of choice.

    --
    #DeleteChrome
  9. Retaliation against new Safari feature by Anonymous Coward · · Score: 0

    This is a good retaliation against the new feature of Safari that undermines Google AdWords snooping mechanisms (tracking cookies). Apple may have good intentions (I like the way they started to fight against creepy ads) but they have to think how to make a Safari a good browser again. They have to find a way to go further, after the webkit fork.
    Next move?

  10. AdBlock = inferior + 'souled-out' vs. hosts by Anonymous Coward · · Score: 0

    Adblock can't do 14 things hosts do:

    1.) Protect vs. bad sites (past ads)
    2.) Protect vs. botnet C&C servers
    3.) Protect vs. downed DNS (reliability)
    4.) Protect vs. DNS redirect poisoned/downed dns
    5.) Protect vs. trackers
    6.) Protect vs. spam payloads
    7.) Protect vs. phish payloads
    8.) Protect vs. caps
    9.) Get past dns blocks
    10.) Keep off dns request logs
    11.) Speed up 2 ways (adblocks & hardcodes)
    12.) Work on anything webbound multiplatform.
    13.) Ez data edit
    14.) Block ads more efficiently in cpu/ram/I-O use

    * BEST hosts file maker = APK Hosts File Engine 9.0++ SR-7 32/64-bit https://www.google.com/search?hl=en&source=hp&biw=&bih=&q=%22APK+Hosts+File+Engine%22+and+%22start64%22&btnG=Google+Search&gbv=1/

    APK

    P.S.=> Ab+ does less vs. hosts less efficiently (a 151mb memory hog http://cdn.ghacks.net/wp-conte...)

    ClarityRay defeats it

    Ab+'s bribed not to work by default http://www.businessinsider.com...

    AdBlock's SLOWER: http://superuser.com/questions...

  11. Firefox has more than 4 security issues with it by Anonymous Coward · · Score: 0

    Found already a couple of other crashes with the tool, some of them security related.

  12. On the same subject by Chris+Mattern · · Score: 1

    Google testers could find no security bugs whatsoever in Chrome. "It's a fucking rock," said one tester.

    1. Re:On the same subject by Anonymous Coward · · Score: 0

      "Also, Google is the best company in the world and absolutely does no evil", he added...

  13. Safari bugs already fixed! by printman · · Score: 1

    It looks like all of the Safari bugs were fixed earlier this year...

    --
    I print, therefore I am.
  14. Safari is the most secure.. by Anonymous Coward · · Score: 0

    And yet Safari is the most secure from advertiser tracking now that it intelligently blocks cookies from domains you donâ(TM)t actually visit. So sure, Safari offers the least security to Googleâ(TM)s business model, but itâ(TM)s keeping secure what I want secure, so I plan to keep using it anyway.

  15. Odd report by Anonymous Coward · · Score: 1

    So, it is interesting that they do not mention versions that they used of any of these browsers, unless I missed that detail. They only mention 'currently released'

    But much more odd "Instead of fuzzing Safari directly, which would require Apple hardware, we instead used WebKitGTK+ which we could run on internal (Linux-based) infrastructure". Google does not have a Mac, anywhere?

    So they did not run this as a user would, or in fact a proper OS X Safari release build at all. Ok, seems legit...

    This from the company that gets hurt the most by Safari beginning to block tracking of users through advertising blocking mechanisms. Maybe they were looking at ways to bypass that?

  16. Ford Test Shows Chevy Has Most Safety Issues by TheFakeTimCook · · Score: 1

    ...and Chrysler has the second most. Ford had none.

    Film at eleven.