Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs (bleepingcomputer.com)

Posted by BeauHD on from the testing-in-progress dept.

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.

4 of 105 comments (clear)

  1. Re:What an impartial study! by mangastudent · · Score: 4, Informative

    Fuzzers are pretty impartial, and I don't find it hard to believe that the Chromium/Chrome team is the best at security.

  2. Re: Not suprising by Old97 · · Score: 4, Informative

    Funny because I also use Safari and I run Adblock - right now in fact. There are tons of extensions and privacy features. The ad industry is up in arms about the latest Safari feature - no allowing the ad networks to track you across different web sites. I suspect you don't use Safari at all because you don't know anything about it. Do you work for Google or Microsoft?

    --
    Very often, people confuse simple with simplistic. The nuance is lost on most. - Clement Mok
  3. Re:I take it we're all supposed to know... by hord · · Score: 4, Informative

    DOM = Document Object Model

    The DOM engine is what is responsible for parsing HTML/CSS, converting it into a tree, and then rendering the tree to the client area in the browser. It's essentially the core of the browser and presents a programmatic API along with JavaScript. It may also be used to render UI elements. For example, all of Chrome's plugins use HTML/CSS to create the menus you see in the options and menu screens.

  4. Re:no surprise about safari by dgatwood · · Score: 4, Informative

    Is there a corporation that forces people to run Safari?

    Apple. On iOS, all browsers (even Chrome) are actually running Safari's rendering engine, with the exception of browsers that run all the JavaScript server-side. The reason for this is that Apple won't let apps run non-Apple JavaScript engines out of concerns about security. (The irony here is not lost on me.)

    --

    Check out my sci-fi/humor trilogy at PatriotsBooks.