Browser Security
Page 1 of 1
Browser Security
Lessons from Google Chrome
Browsers are an appealing target for attackers because they have a large and complex trusted computing base with a wide network-visible interface. Historically, every browser at some point has contained a bug that let a malicious Web-site operator circumvent the browser’s security policy and compromise the user’s computer. Even after these vulnerabilities are patched, many users continue to run older, vulnerable versions.5 When these users visit malicious Web sites, they run the risk of having their computers compromised.
Generally speaking, the danger posed to users comes from three factors, and browser vendors can help keep their users safe by addressing each of these factors:
* The severity of vulnerabilities. By sandboxing their rendering engine, browsers can reduce the severity of vulnerabilities. Sandboxes limit the damage that can be caused by an attacker who exploits a vulnerability in the rendering engine.
* The window of vulnerability. Browsers can reduce this window by improving the user experience for installing browser updates, thus minimizing the number of users running old versions that lack security patches.
* The frequency of exposure. By warning users before they visit known malicious sites, browsers can reduce the frequency with which users interact with malicious content.
Download PDF
Browsers are an appealing target for attackers because they have a large and complex trusted computing base with a wide network-visible interface. Historically, every browser at some point has contained a bug that let a malicious Web-site operator circumvent the browser’s security policy and compromise the user’s computer. Even after these vulnerabilities are patched, many users continue to run older, vulnerable versions.5 When these users visit malicious Web sites, they run the risk of having their computers compromised.
Generally speaking, the danger posed to users comes from three factors, and browser vendors can help keep their users safe by addressing each of these factors:
* The severity of vulnerabilities. By sandboxing their rendering engine, browsers can reduce the severity of vulnerabilities. Sandboxes limit the damage that can be caused by an attacker who exploits a vulnerability in the rendering engine.
* The window of vulnerability. Browsers can reduce this window by improving the user experience for installing browser updates, thus minimizing the number of users running old versions that lack security patches.
* The frequency of exposure. By warning users before they visit known malicious sites, browsers can reduce the frequency with which users interact with malicious content.
Download PDF
andry- Moderator
- Posts : 467
Join date : 2010-05-07
Similar topics
» Browser Security Handbook
» Avant Browser browser:home Persistent XSS vulnerabilities
» Orca Browser browser:home Persistent XSS vulnerability
» How Unique Is Your Web Browser?
» Browser Forensics v1 2010
» Avant Browser browser:home Persistent XSS vulnerabilities
» Orca Browser browser:home Persistent XSS vulnerability
» How Unique Is Your Web Browser?
» Browser Forensics v1 2010
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|