Google Chrome may be a relatively new browser compared to Microsoft’s
Internet Explorer and Mozilla Firefox, but it’s making better efforts on a
couple of key security fronts, according to researchers at Accuvant Labs.
PThe Denver-based security solutions provider says it has been doing months of
research on the latest versions of the browsers, unleashing malicious payloads in a test environment
and monitoring how well each one absorbed the threat. The researchers unveiled a
first glimpse at their results at Toronto’s Sector conference in October.
“The browser has become the most critical application we all use, and in some
cases the only application we all use,” says Shawn Moyer, practice manager of
research consulting at Accuvant
Labs. “Ultimately the best browser is the most payload hostile one.”
Accuvant researchers included the average time it took Microsoft Corp.,
Mozilla, and Google Inc. in their study. They found that Internet Explorer remained vulnerable for the longest average
time after an exploit was discovered, at 214 days to patch. Mozilla issued its
patches to Firefox in an average of 158 days, and Chrome was patched in an average of 53 days.
“That doesn’t necessarily reflect well on the Chrome team, since their internal policy is 30 days to patch,”
Sandboxing to security
One method browsers can be used for security is to manage tasks across various
operating system processes. In Windows 7 for example, application processes are
divided into security levels deemed low, medium, high, and system. Most
applications run at medium level to allow for writing to directories, but
browsing processes are often low-level to provide read only access.
Processes can be used to isolate, or “sandbox,” certain risky applications so
they don’t affect other applications running on a computer. Applications also
have the option to run different processes to segregate their operations.
Each browser is built with a different architecture when it comes to
processes, explains Paul Mehta, senior research scientist at Accuvant.
“Sandboxing and multi-process architectures are the biggest steps forward in
browser security in recent years.”
Page Navigation 1) Key areas where Google Chrome leads in security. – Page 1
2) Firefox in the contrarian among leading browsers. – Page 2
Article source: http://www.itbusiness.ca/it/client/en/home/News.asp?id=64771