13 Dec 11 Google Chrome Tops List of Most Secure Browsers in Google-Commissioned Study

Google Chrome is the most secure browser in the world, according to a Google-commissioned study by Accuvant LABS.

You can read the entire, deeply technical 100-page report, but we just wanted to point out Accuvant’s unusual benchmarking. Accuvant emphasized the anti-exploitation techniques embedded in each browser, for which Chrome is known after surviving several Pwn2Own hacking competitions. This is fundamentally different from other browser security comparisons, which prioritize vulnerability report counts and URL blacklists.

“Accuvant LABS’ analysis is based on the premise that all software of sufficient complexity and an evolving code base will always have vulnerabilities,” it wrote. “Anti-exploitation technology can reduce or eliminate the severity of a single vulnerability or an entire class of exploits. Thus, the software with the best anti-exploitation technologies is likely to be the most resistant to attack and is the most crucial consideration in browser security.”

Microsoft Internet Explorer (IE) and Mozilla Firefox came in second and third place. Accuvant analyzed only these three browsers because of their market share; Accuvant said they represent 93.4 percent of the market.

Chrome came out tops for its sandboxing (information isolating) techniques, which aim to mitigate potential exploits. Chrome uses a medium integrity broker process to manage its user interface and create low integrity processes. As a result, even if the rendering process were to be compromised, attackers would only have access to the current process and whatever is made available through the broker process IPC mechanism.

IE, like Chrome, separates each tab or window you open, so that exploits in one tab won’t affect the others. Firefox hardly uses sandboxing at all, Accuvant said.

Accuvant further criticized Mozilla Firefox’s anti-exploitation techniques because it lacked JIT hardening. 

JIT stands for Just-In-Time. It refers to code that is compiled on the fly and executed within the browser. JIT pages (the memory pages that hold JIT-compiled code) are easy prey for attackers, who simply convert JavaScript into malicious machine code that bypasses exploit mitigations such as Address Space Layout Randomization (ASLR) and Data Execution Prevention (DEP). JIT hardening compiles JavaScript in an unpredictable way, making it harder for attackers to take control.
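Added example, not from the article or the Accuvant report: a toy code emitter showing constant blinding, one common JIT-hardening technique (the article does not name the techniques assessed, so this choice is an assumption). `MARKER`, the function names and the two-opcode instruction set are constructed for illustration.

```python
import secrets
import struct

MARKER = 0xA1B2C3D4  # constructed stand-in for a 32-bit constant chosen by a script

def emit_plain(constants):
    """Unhardened toy JIT: each constant becomes `mov eax, imm32` (opcode B8)."""
    return b"".join(b"\xB8" + struct.pack("<I", c) for c in constants)

def emit_blinded(constants, rng=secrets.randbits):
    """Hardened toy JIT: `mov eax, c ^ key` then `xor eax, key`, fresh key per constant."""
    code = bytearray()
    for c in constants:
        key = rng(32)
        while key in (0, c):          # these keys would leave c verbatim in an immediate
            key = secrets.randbits(32)
        code += b"\xB8" + struct.pack("<I", c ^ key)  # mov eax, imm32
        code += b"\x35" + struct.pack("<I", key)      # xor eax, imm32
    return bytes(code)

def run(code):
    """Interpret the two opcodes above and return the final value of eax."""
    eax = 0
    for i in range(0, len(code), 5):  # both instructions are 5 bytes long
        imm = struct.unpack_from("<I", code, i + 1)[0]
        if code[i] == 0xB8:
            eax = imm
        elif code[i] == 0x35:
            eax ^= imm
        else:
            raise ValueError(f"unexpected opcode {code[i]:#x}")
    return eax

def contains_constant(code, value):
    """True if the constant's little-endian bytes appear anywhere in the emitted code."""
    return struct.pack("<I", value) in code

if __name__ == "__main__":
    for name, emit in (("plain", emit_plain), ("blinded", emit_blinded)):
        code = emit([MARKER])
        print(name, code.hex(), "eax=%#x" % run(code),
              "constant visible:", contains_constant(code, MARKER))
```

Both emitters compute the same value, but only the unhardened one leaves script-chosen bytes verbatim in executable memory; the blinded output differs on every compilation.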

A secure browser is a good first line of defense against online malware, but you can bolster your protection with any number of AV products. Most leading vendors offer free site reputation toolbars, like Norton Safe Web, McAfee SiteAdvisor, and BitDefender TrafficLight, which also come bundled in their respective security suites. M86 SecureBrowsing is a decent, free standalone product. 

Accuvant’s study never touched upon pre-loaded browser spyware either, only the ability for the sandbox to block out spyware. So don’t forget to check out PCMag’s guide to staying anonymous online.

For more from Sara, follow her on Twitter @sarapyin.
