> safety measures to boost its security
What are "safety measures"?
> Firefox was deemed the least secure
(no I'm not looking for the answer from you)
> Anti-exploitation technology
The URL blacklisting services offered by all three browsers will stop fewer attacks than will go
undetected. Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti-exploitation technologies, but Mozilla Firefox lags behind without JIT hardening. While both Google
Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies,
Google Chrome's plug-in security and sandboxing architectures are implemented in a more thorough
and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured
Well that's clear as mud. (I'm sure it's explained further on & or in the additional documents.) So because of one set of criteria, "plug-in security and sandboxing architectures" Google is declared the "most secured against attack".
> We concluded the research for this paper in July 2011. Changes and updates may occur after this paper
> is released.
> Google Chrome versions 12 & 13
> Internet Explorer 9
> Firefox 5
I'll assume these were all the current versions at the time of the tests. (Why did they test both Chrome 12 & 13?)
> All targets were analyzed while running on Microsoft Windows 7 (32-bit)
(no Mac or Linux or anything else)
Seem to recall that W7 x64 may provide some "perks" not available on x32 systems (so that could be to IE's benefit)?
"Chrome uses a medium integrity broker process that manages the UI, creates low integrity processes
and further restricts capabilities by using a limited token for a more comprehensive sandbox than the
standard Windows low integrity mechanism. These processes are created for rendering tabs, hosting
plug-ins and extensions out of process and GPU acceleration. The broker process creates named pipes
for inter-process communication."
"The extensive use of sandboxing limits both the available attack surface and potential severity of
exploitation. A compromised renderer process would only have access to the current process and what
is made available through the broker process IPC mechanism. The compromised process would need a
method of privilege escalation from low integrity with a limited token in order to persist beyond the
Whatever that means in the real world?
"Internet Explorer uses the loosely coupled IE [MSDN_LCIE] model where the UI frame and tabs are
largely independent of each other, which allows for the browser tab processes to function at low
integrity. A medium integrity broker process creates the low integrity tabs used for browsing, hosting
ActiveX controls, GPU acceleration and manages activity independent of tabs such as downloads and
"In the event of a crash, the tab is automatically reloaded the first time, allowing malicious content
multiple attempts to succeed, or have an unsuccessful exploit attempt go unnoticed. A tab
compromised by an exploit would have read access to the file system and any low integrity process,
including other browser tabs. The compromised process would need a method of privilege escalation
from low integrity to persist beyond the browser session."
"Firefox uses a single process medium integrity browser process which contains the entire browsing
session including all tabs, add-ons, GPU acceleration and more in a single address space, with the
exception of plug-ins like Flash and Silverlight. Plug-ins are hosted out of process and independent of
each other at medium integrity. A crash in the browser process would take down the entire browser and
all plug-in processes. Alternatively, a crash in a plug-in process would be isolated to that single process."
So? So the browser crashes, so what.
"A compromised browser or plug-in process would not require privilege escalation to persist beyond the
That does sound ominous.
"A process with
a higher integrity level represents a greater value for an attacker to compromise; however, with most of
the higher integrity processes, an attacker can only interact with a very small attack surface."
"Merely compromising the browser, in some cases, is not enough
for a compromise to persist past the life of the browser process."
"URL Blacklist Services ... storing a local copy of hashed URLs in the blacklist,
and sending the hash value of a URL to a public web service for validation"
Yet they (MS) do not do anything like that for its own executables (see ... »Re: Flame: Massive cyber-attack discovered, researchers say
They do mention that FF uses Google's URL blacklist - in the text, but it is not noted in their chart (which you would think one would be more apt to review, giving a false connotation, by not noting, in regard to FF).
(Not that I place any value in blacklists anyhow.)
> ASLR ... DEP ... /GS ... SEHOP
Too much techno talk for me.
"Chrome prevents processes in the sandbox from
doing much of anything, and even if permission is granted, it is limited to the alternate desktop.
Microsoft Internet Explorer generally allows read access to most objects on the operating system, while
only preventing a handful of system modification changes. Mozilla Firefox, on the other hand, is only
limited by the medium integrity under which it runs; permitting read, write and system change
capabilities associated with regular, non-administrator users."
"It is apparent that the Chrome sandbox prohibits the ability of the rendering process to do much of
anything. There aren't any easily viable ways for malware to gain persistence or communicate with the
outside world. Any permissible actions, such as hooking windows messages, are mitigated by the fact
that an alternate Windows desktop is used for rendering content. Out of the three browsers examined, it is obvious that Google Chrome has the most stringent constraints when it comes to interacting with
the operating system from a sandboxed process."
> Browser Add-Ons
(extensions & plugins)
Have the potential to be or are far more dangerous than the browser itself.
"Plug-ins do not run in a sandbox or with any restrictions,
besides those imposed due to not being run as administrator."
Chrome includes PDF Viewer & Flash & (I wasn't too clear, but does provide some measure of sandboxing).
So their whole premise seems to be based on "sandboxing", & in that respect, it seems they have come to the right conclusion, that Chrome is the most "secure".
With IE second, & FF in last.
That is all stats & technologies.
Now real world.
Raise your hand if you've been hit by malware while using IE?
And FF? And Chrome?
I don't know the answer to that, but would be more interested in that answer than in technologies.
My thought, IE would be a clear winner - for whatever reasons.
With FF & Chrome far behind, with no real difference between the two. So at this point Chrome's "technologies", while seemingly valuable, are they actually contributing to a more secure browser experience? Probably so, but even so I would think it to be immaterial, at this point, compared against FF.
And once you're done with "technologies", there is usability. IOW, extensions in my book. Does the browser work for you or against you. Can you make the browser work more to your liking, say with an extension - even if they may be dangerous.
And now that you have your browser, & it works how you want it to, & it works for you, you've added your wanted extensions, are you able to safely go wherever you want? Porn, warez, dslreports, you name it. Afraid to go? Or boldly go where no browser has dared go before?
Then who wins? (At least per my
For an average joe, who is just out browsing around, who doesn't concern themselves with "security", perhaps Chrome could offer the most?
(Oh, & only a passing mention in there of NoScript. No NoScript for Chrome. One day, as it is anticipated, but not yet, waiting on backend architecture from Chrome, I believe.)
& MS intertwined too? (They do look to be legit, Accuvant that is. Surprisingly found no reference to them at firefox.com nor mozillazine.org?)
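
The integrity-level passages quoted in the post above, worked through as an added example (not part of the original post or of the Accuvant paper): a simplified model of the Windows access check, with the mandatory no-write-up rule first, then the DACL, then the second pass a restricted token must clear. The SID strings, object names and the restricting SID are constructed stand-ins, and the model ignores everything else Windows evaluates.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Dict, FrozenSet, Optional

class IL(IntEnum):
    LOW = 1
    MEDIUM = 2

@dataclass
class Token:
    integrity: IL
    sids: FrozenSet[str]
    restricting: Optional[FrozenSet[str]] = None  # None: ordinary token

@dataclass
class Obj:
    label: IL             # unlabeled objects are treated as MEDIUM
    dacl: Dict[str, str]  # SID -> rights string, e.g. "rw"

def allowed(tok: Token, obj: Obj, right: str) -> bool:
    # 1. Mandatory integrity check: the default policy is no-write-up.
    if right == "w" and tok.integrity < obj.label:
        return False
    # 2. Discretionary check against the token's normal SIDs.
    if not any(right in obj.dacl.get(s, "") for s in tok.sids):
        return False
    # 3. Restricted token: the restricting SIDs must pass a second check.
    if tok.restricting is not None:
        return any(right in obj.dacl.get(s, "") for s in tok.restricting)
    return True

USER = "user"  # constructed stand-in for the logged-on user's SID
TOKENS = {
    "Firefox (medium)": Token(IL.MEDIUM, frozenset({USER})),
    "IE tab (low)": Token(IL.LOW, frozenset({USER})),
    # Assumption: the restricting SID appears in no object's DACL.
    "Chrome renderer (low + limited token)":
        Token(IL.LOW, frozenset({USER}), frozenset({"null"})),
}
OBJECTS = {  # constructed sample objects
    "profile/startup": Obj(IL.MEDIUM, {USER: "rw"}),
    "low-integrity cache": Obj(IL.LOW, {USER: "rw"}),
}

def matrix() -> dict:
    """Map (process, object) to the rights a compromised process would hold."""
    return {(p, o): "".join(r for r in "rw" if allowed(t, obj, r))
            for p, t in TOKENS.items() for o, obj in OBJECTS.items()}

if __name__ == "__main__":
    for (proc, obj), rights in matrix().items():
        print(f"{proc:40} {obj:22} {rights or '-'}")
```

In this model the medium-integrity process can write to the user's profile without any escalation, the low-integrity tab can read it but not modify it, and the low-integrity process with a limited token gets neither, which is the ordering the quoted passages describe.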