Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Endpoint Security

New Research Says Chrome Browser “Most Secured” Against Attacks

Which Web Browser is the Most Secure? New Research Tests How Web Browsers Stand Up Against Today’s Web-based Threats

Security research firm Accuvant, today released the results a study comparing the security of the three most widely used web browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer.

Which Web Browser is the Most Secure? New Research Tests How Web Browsers Stand Up Against Today’s Web-based Threats

Security research firm Accuvant, today released the results a study comparing the security of the three most widely used web browsers – Mozilla Firefox, Google Chrome, and Microsoft Internet Explorer.

In its research, the Accuvant LABS team tried to determine which browser best secures against attackers. The research firm says it used a “completely different and more extensive methodology than previous, similar studies.”

“We compared web browsers from a layered perspective, taking into account security architecture and anti-exploitation techniques,” said Chris Valasek, Accuvant LABS senior research scientist. “Like antivirus or anti-malware software, each provides an additional layer of defense. This methodology requires a greater depth of technical expertise than statistical analysis of vulnerabilities, and also provides a more accurate window into the security of each browser.”

So which browser turned out to be the most secure? Accuvant said that Google Chrome is currently the browser that is most secured against attacks. Ironically, Google commissioned Accuvant to perform the comparison, but the results and testing methodology are available for anyone to see, and Accuvant is a highly respected firm, so I don’t assume the results to be skewed in favor of Chrome, despite Google’s funding of the undertaking.

Google’s Chrome Had Strongest Sandboxing Technology, FireFox Lacks a Formal Sandbox

As the report notes, sandboxes are quickly becoming standard best practice within many popular applications. The report said that Google’s Chrome provided the most restrictive sandbox, limiting almost all interaction with the OS to the broker process. “Internet Explorer has made valiant first steps at a sandbox by using the low integrity functionality to restrict IE tabs’ persistence abilities on the system in the event of a compromise,” the report says. “Unfortunately, the low integrity mechanism permits read access to most resources, unrestricted network accessibility and a multitude of ways to alter the system state. Lastly, Firefox has yet to implement any formal sandbox, relying solely upon the process running as medium integrity; giving it the ability to perform any action of a non-administrator.”

Safest Web Browser

Chrome was also credited with releasing updates more frequently than both Mozilla and Microsoft. In terms of time to patch a reported vulnerability, Chrome was fastest, while Microsoft was the slowest. Accuvant suggests that because Internet Explorer is deeply integrated with the Windows operating system, changes in Internet Explorer can have repercussions throughout a much larger code base, adding to the time it takes to create a stable and tested patch.

In terms of URL blacklisting, technology that helps block agains potentially malicious sites, including phishing sites and sites serving up malware, the report said that blacklisting services offered by all three browsers will stop fewer attacks than will go undetected.

“Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti- exploitation technologies, but Mozilla Firefox lags behind without JIT hardening,” the report notes. “While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack,” the report concluded.

The full report, “Browser Security Comparison: A Quantitative Approach,” as well as all of the data presented within the document and the tools used to generate the data, are available for download here. The report is a great read and highly suggested for anyone in an IT security related role.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cybercrime

CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Cybercrime

Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.

Cyberwarfare

Russia-linked cyberespionage group APT29 has been observed using embassy-themed lures and the GraphicalNeutrino malware in recent attacks.

Malware & Threats

Security researchers are warning of a new wave of malicious NPM and PyPI packages designed to steal user information and download additional payloads.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Malware & Threats

Cybercrime in 2017 was a tumultuous year "full of twists and turns", with new (but old) infection methods, a major return to social engineering,...