Comparative Guide to Browser Security

Roger Grimes offers a comparative overview of browser security, including profiles of Firefox, Chrome, IE, Safari, and Opera. Grimes subjected each browser to numerous tests, including dozens of pre-defined tests made in his lab, Internet-based test suites, and exposing the browsers to known-malicious Web sites. “None of the fully patched browsers allowed silent infections or exploitation beyond simple DoS attacks. All of the browsers stopped the latest malicious attacks available on the Internet. Occasional zero-day attacks could silently infect a particular browser during a particular period of time, but all of the browsers have this same risk, and all of the browser vendors in this review are fairly consistent in patching significant problems in a timely manner.” The package also includes articles on each browser’s XSS vulnerability profile and cipher support.