Google Chrome Most Resilient Against Attacks, Researchers Find

Between Google Chrome, Microsoft Edge, and Internet Explorer, Chrome has been found to be the most resilient against attacks, an analysis by security researchers has found. Firefox, Safari, and Opera were not included in the test. From a report: "Modern web browsers such as Chrome or Edge improved security in recent years. Exploitation of vulnerabilities is certainly more complex today and requires a higher skill than in the past. However, the attack surface of modern web browsers is increasing due to new technologies and the increasing complexity of web browsers themselves," noted Markus Vervier, Managing Director of German IT security outfit X41 D-Sec (and one of the researchers involved in the analysis). The researchers' aim was to determine which browser provides the highest level of security in common enterprise usage scenarios.

Why even compare

[volodymyrbiryuk]

Chrome to the slow kid and his autistic older brother.

Re:

[DontBeAMoran]

http://i0.kym-cdn.com/photos/i... [kym-cdn.com]

Re:

[XXongo]

Yeah.

The key sentence is the last sentence in TFA:

"It’s too bad that other popular browsers (Firefox, Safari, Opera) weren’t included in the assessment."

Re:

[lgw]

Firefox has been excluded from recent hacking competitions as "too easy", sadly enough, but I'd love to see how Safari, Opera stand up.

Re:

[hawk]

Because who ever would have guessed the headline,

Something else is more secure than Microsoft

hawk

Uh, Chrome vs Firefox is all that matters

[Anonymous Coward]

Seriously, what is the point of this unless it compares Chrome to Firefox. Those are the only ones that actually matter!

Re:

[DontBeAMoran]

Chrome, Safari and Edge are the only ones that matter in the real world. Even if you combine both Firefox and Opera they still have less marketshare than any of those three.

Re:

[Anonymous Coward]

Not true. Firefox has more market share than Edge.

Re:

[PmanAce]

Internet Explorer has more market share than Firefox. Edge != Internet Explorer.

Re:

[DontBeAMoran]

Not for long. Edge's marketshare is increasing and Firefox's marketshare is decreasing.

And unless Firefox starts listening to their users instead of doing the opposite, and starts doing that five years ago, they're doomed.

Re:

[theweatherelectric]

Not for long. Edge's marketshare is increasing and Firefox's marketshare is decreasing.

Edge's usage is one quarter to one third [wikipedia.org] of Firefox's. It's got a way to go yet.

they're doomed

Unlikely. You should try Firefox 57. It will be released to the beta channel in a week or so [mozilla.org].

Re:

[DontBeAMoran]

Firefox has always sucked on OS X.

Re:

[DontBeAMoran]

Moderated "troll" by some idiot who only use Firefox on Windows.

Re:

[fahrbot-bot]

Firefox has always sucked on OS X.

Moderated "troll" by some idiot who only use Firefox on Windows.

More likely by someone who confuses criticism and/or contrary opinion with trolling or baiting.
Welcome to /.

Firefox 57 will likely destroy Firefox.

[Anonymous Coward]

Your attitude is a perfect example of why Firefox is on its way out. If you knew anything about Firefox 57 you'd know that it could very well be the final nail in Firefox's coffin. You would not be recommending that users look forward to it!

Firefox 57 [mozilla.org] is due in November, and it's the first release that's supposed to only support WebExtensions extensions. This will very likely break many existing extensions. Due to differing capabilities between the existing extension model and WebExtensions it may not even

Re:

[theweatherelectric]

Your attitude is a perfect example of why Firefox is on its way out.

What attitude is that? Rationality?

If you knew anything about Firefox 57 you'd know that it could very well be the final nail in Firefox's coffin.

Unlikely. Use Firefox 57 first, talk second.

Re:

[nashv]

Lets put it this way. In terms of 'number of installs' , Internet Explorer and Edge win because of being bundled with Windows. The only other browser that comes relevantly close is Chrome.

Between Chrome, Edge and Internet Explorer, you have covered about 95% of the world's consumer computers. It is obvious that their criteria is only volume...which seems to be why they have also neglected Safari.

Re:

[geekmux]

Chrome, Safari and Edge are the only ones that matter in the real world. Even if you combine both Firefox and Opera they still have less marketshare than any of those three.

Given the general level of ignorance and stupidity that often leads to consumers being successfully hacked and exploited, I don't know why people continue to value the metric of marketshare when it comes to mass ignorance and browser usage.

Marketshare doesn't keep me secure. A good browser does.

Re:

[DontBeAMoran]

But marketshare is what determines which browsers are tested when making websites. Clients won't accept a 10% increase to their invoices if Firefox represents only 2% of their users.

Re:

[DontBeAMoran]

But marketshare statistics taken from where? Web developers websites? That's why 2%. Developers use Chrome, Safari and Firefox.

On real websites that everybody uses, Edge usage is higher than Firefox.

Re:

[that this is not und]

If the website you create 'breaks' because of the browser that I am using, I am probably better off just not going to it ever again.

Truths like this should frighten website creators. (note that I did not call them 'developers' or 'designers.')

Re:

[MightyMartian]

Since when does Edge matter at all? All the statistics I've seen suggest users view Edge as their Chrome download application.

Re:

[DontBeAMoran]

#otherbrowsersmatter

Re:Uh, Chrome vs Firefox is all that matters

[Sigma 7]

The point is to say "Hi, we're so skilled and want funding". Who cares about doing proper research, we're just doing enough to make a pretty 190 page document. Slightly more useful is a document that helps instruct new programmers on information on how to harden code, as opposed to a comparison on which features browsers implement.

My opinion on the research itself: A quick scan on the document doesn't have mention of "Punycode", which was a semi-recent vulnerability which is rather important. Comparing the speed at handling that issue gives a good indicaton on the health of the browser. (For reference, Chrome, Edge and Pale Moon fix the issue. Meanwhile, Firefox fails despite an alternate version working fine. You can test you browser yourself by visitng Apple.com [xn--80ak6aa92e.com] to see the secure lock symbol.)

Re:

[swillden]

My opinion on the research itself: A quick scan on the document doesn't have mention of "Punycode", which was a semi-recent vulnerability which is rather important.

This isn't that type of security analysis. It doesn't assess known vulnerabilities, but instead analyzes organizational and architectural characteristics to determine how likely the browsers are to resist future vulnerabilities. Both sorts of analyses are useful and informative. Rapid and effective correction of vulnerabilities discovered is an important tool for security, but so is designing for defense in depth.

Re:

[ITRambo]

For security testing the top ten, or more, should have been tested, not just Microsoft's and Google's. How does Chromium compare to Chrome? If Opera more or less secure than Firefox/ I would like to know.

Re:

[thegarbz]

Just what in the Firefox market share figures makes you think it remotely matters?

Re:

[DontBeAMoran]

Firefox is but one open source projet. And the failure is not in being OSS, it's in not listening to their users, i.e. the users keep saying for years that your program has memory leaks, that you should fix that instead of adding more bloated features that nobody asked for, and all you do is put your fingers in your ears and go "la-la-la-I can't-hear-you-la-la-la" then of course you're going to fail.

Re:Open Source is a failure.

[brianerst]

And the memory leaks are largely caused by an unsafe extension system that is being replaced by a new, more thread-safe extension system. And the wailing and gnashing of teeth continue.

"Firefox has memory leaks!"
"Fixed the ones in Firefox, the rest are bad extensions (probably AdBlock)"

"Firefox's Javascript is slow!"
"Fixed that [arewefastyet.com]"

"Firefox is slow"
"We'll move to a new threading model that's lots faster and requires us to fix our leaky extension model too"

"You're breaking my extensions - why don't you listen to what your users WANT???"
[sigh...]

Re:

[DontBeAMoran]

Never used any extension with Firefox. Still sucked on OS X.

Re:

[cm5oom]

Somehow browsers like Chrome, Safari, and Edge manage to avoid these problems that Firefox suffers from. Maybe it's because their developers are smart enough to avoid the problems in the first place, and don't go blaming everybody and everything else.

Funny you should say that considering firefox is switching to the extension api that chrome uses. Maybe you're more right then you know. To spell it out for those who can't follow along maybe the extention api really is the problem.

Re:

[thegarbz]

And yet at the time when Firefox started getting some serious criticism it was one of the fastest and memory friendly browsers on the market. You know what we can do to improve that? Fuck with the user interface, add things no one wants, force people to write shitty extensions to make Firefox act the way it used to and .... oh look those extensions are buggy and make it all slow.

The things you listed are bug fixes, not "what the users want".

Re:

[TheDarkMaster]

Like the "DontBeAMoran" said, the Firefox problem is not the fact that it is an open source project, his problem is developers who do not care what the target audience wants.

Re:

[TheDarkMaster]

Shut up asshole, I'm not even a "FOSS lawyer" (I develop for closed government projects), I'm just pointing out the obvious you're apparently unable to understand.

Re:

[that this is not und]

In your long rant, you didn't mention any software project that is actually inferior.

But keep it up, if you are bored and have time to waste.

Are you kidding me?!

[the_skywise]

We compared Chrome to one of the most reviled web browsers in the world for poor security and discovered it came out on top! You won't believe what happened next - click here!

Re:Are you kidding me?!

[Baron_Yam]

Yeah, without Firefox, Safari, and Opera... it's really a pointless study unless you're merely looking for documented empirical backing for common knowledge.

Of course, the study was sponsored by Google. I'm willing to concede it was likely a fair study for what it studied, but I'd bet the scope was limited to make Chrome look better.

Re:

[DontBeAMoran]

This is probably how it went...

Chrome vs Safari and Firefox: Chrome is 1.27% better.
Chrome vs the retarded Duo (Internet Explorer and Edge): Chrome is 45.9% better.

"Let's use the 45.9% one."

Re:

[swillden]

This is probably how it went...

Chrome vs Safari and Firefox: Chrome is 1.27% better. Chrome vs the retarded Duo (Internet Explorer and Edge): Chrome is 45.9% better.

"Let's use the 45.9% one."

Well, if you look at vulnerabilities and hacking competitions, FF is perhaps a bit better than Edge, but Safari is far worse. I think the choice was mostly made based on what enterprises are likely to use, since enterprise security is the main focus. That means the relevant OS is Windows, and enterprises typically either (a) use what comes with the OS (IE/Edge) or (b) use Chrome. Enterprise use of FF is rare AFAICS.

Not surprisingly.

[Qbertino]

Chrome is a pillar of Googles strategy against Apple, Facebook and MicroSoft. They'd be stupid to let things slide with Chrome.

Re:

[that this is not und]

Why would Safari be included? It requires a hardware dongle that most of us don't possess.

I have the Safari for Windows installer for version 5.34.51.22 but that's a version from 10/2014 and Apple hasn't released anything newer. It's producer has made it irrelevant to 'the rest of us.'

Important paragraph from the intro

[swillden]

There's an important paragraph in the introduction:

The analysis has been sponsored by Google. X41 D-Sec GmbH accepted this sponsorship on the condition that Google would not interfere with our testing methodology or control the content of our paper. We are aware that we could unconsciously be biased to produce results favorable to our sponsor, and have attempted to eliminate this by being as transparent as possible about our decision-making processes and testing methodologies.

You can read the paper [x41-dsec.de] yourself to determine whether they succeeded at avoiding biasing their results. One up-front question is why they didn't include Firefox. Based on public vulnerabilities and Pwn2Own and similar competitions, FF is less secure than Chrome, but often better than Edge. Safari tends to trail by a large margin, so its exclusion doesn't surprise me, nor does the exclusion of Opera and other browsers with very small market share.

Being as how Chrome users...

[EzInKy]

...surrender all there personal info to google, I can see how this can be so.

Shit comparison, shit software

[The123king]

That's like comparing a pile of shit and a bucket of shit to a rose. which one will smell better?

Link to actual research

[xxxJonBoyxxx]

Link to actual research:
https://browser-security.x41-dsec.de/X41-Browser-Security-White-Paper.pdf

because Slashdot editors are lazy. More seriously, this paper appears to be a must-read if you're responsible for desktop or other end-user security. (The examples are great.)

Re:

[OneHundredAndTen]

Just the orher day i was on a websight ... Seems like they all still have work to do.

And you have to attain 6th grade English level.

Time to broaden the definition

[slashmydots]

It literally synchronizes malicious adware and malware extensions across multiple devices automatically. They're doing nothing about bad plugins and extensions either and that is what affects the majority of end users. So it's basically the least secure.

Re:

[koreanbabykilla]

My work IT dept only allows a very small whitelist of extentions to be installed on chrome. Perhaps you should implement this at your IT department ?

Pointless advert

[Voice of satan]

Pointless advert disguised as research. Did RTFA. Lost my time. Without including other browsers and OSes this has little value.

Useless report

[campuscodi]

This research is useless because they only compared it to Edge and IE. Of course it was better. All browsers are better than those 2. Furthermore, the study was sponsored by Google, which explains why it's so Chrome positive. https://www.x41-dsec.de/securi... [x41-dsec.de]

requisite snark

[thegreatbob]

Shame Firefox can't rip off this feature/design aspect too.

Calendar

[Thelasko]

I feel it should be noted that they separated Thunderbird and Lightning into two separate entries in the survey. For those unaware, the calendar plugin for Thunderbird is Lightning. Therefore, they should be counted as one. Doing so would make them the winner hands down. Unfortunately, since the separated them, Gnome-Calendar was the winner.

makes sense

[bobmajdakjr]

google cannot allow others to get access to the data they are harvesting about you, then they would lose their edge. makes sense they might have tried a little harder than mozillderp.