Slashdot Mirror

← Back to Stories (view on slashdot.org)

Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs (bleepingcomputer.com)

Posted by BeauHD on from the testing-in-progress dept.

An anonymous reader writes from a report via Bleeping Computer: The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari. Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues. The tests were carried out with a new fuzzing tool created by Google engineers named Domato, also open-sourced on GitHub. This is the third fuzzing tool Google creates and releases into open-source after OSS-Fuzz and syzkaller. Researchers focused on testing DOM engines for vulnerabilities because they expect them to be the next target for browser exploitation after Flash reaches end-of-life in 2020.

3 of 105 comments (clear)

  1. Re:What an impartial study! by K.+S.+Kyosuke · · Score: 3, Insightful

    Maybe the same or similar group of people who wrote the tool also wrote the part of the browser that the tool tests, using similar approaches?

    --
    Ezekiel 23:20
  2. Re:Not suprising by Ironman126 · · Score: 1, Insightful

    Apple has relied on its brand status for years. They've consistently put out decent, albeit iterative, products, but they've failed to keep pace with the competition in areas that actually matter, like having a usable web browser. At what point does the weight or volume of a laptop or the maximum resolution of a phone's camera take a back seat to actual product improvements? I my college posts warnings on the course webpages: "Does not work correctly on Safari, use Firefox or Chrome." The security failings are just rancid icing on the spoiled cake.

  3. Re:Not suprising by Anonymous Coward · · Score: 3, Insightful

    Safari in High Siera score 457. Safari loses 11 points as it doesn't support Ogg, WebM. 11 points lost because they don't support something that isn't useful (unless you have a 4k screen and want to watch new 4k youtube vids). WebP and JPEG-XR add in another 2 useless points missing.

    This is the problem with html5test. It includes so many features which are of no interest to the majority of people. WebVR? How the fuck is this relevant to how good a browser is?

    html5test is setup to make Chrome look better.

    For the record Edge scores 496. Firefox 484. So Microsoft scores higher than Mozilla! IE scores 312