Every major browser has its partisans, but which browser earns the highest praise from impartial security analysts?
Speaking at the RSA Conference in San Francisco yesterday, researchers at Accuvant Labs presented the results of a three-month security evaluation of Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer. The goal of the study was to determine which browser is the most secure against attack — an important consideration, given that browsers continue to represent the widest vector for attacks.
The winner: Chrome. Accuvant’s analysis concluded that Chrome was, by far, more secure than IE. In turn, IE was found to be somewhat more secure than Firefox.
However, Accuvant was quick to caution that any browser security evaluation inevitably involves a fair amount of apples and oranges.
“It’s difficult if not impossible to make clear comparisons,” Joshua Drake, Accuvant’s senior research consultant, told the conference audience. Metrics are subjective, vendors of protection technology don’t make complete data available, and browser makers don’t always disclose patches or say how severe the vulnerability patched was. To compensate, the team normalized information to the greatest extent possible.
Furthermore, it’s worth noting that Google commissioned the study, titled Browser Security Comparison: A Quantitative Approach. Google said it wanted to advance industry knowledge and discussion of best practices. Results were first presented at the SecTOR conference in October 2011.
Read the rest about browser security at eSecurity Planet.