Google Chrome vs the Wannabees

  • To unlock all of features of Rams On Demand please take a brief moment to register. Registering is not only quick and easy, it also allows you access to additional features such as live chat, private messaging, and a host of other apps exclusive to Rams On Demand.

Alan

Legend
Joined
Oct 22, 2013
Messages
9,765
I know this isn't where this thread belongs and I expect it to be moved to the appropriate place as soon as the brass notices it but I thought it important that everyone knows that they should start using Chrome if they want to be as safe as possible.
http://www.tomshardware.com/news/pwn2own-chrome-ie-browser-security,28797.html#xtor=EPR-8886
At Pwn2Own, Chrome Is First, IE Last In Browser Security (Updated)
Pwn2Own is a browser security competition where security researchers who have been working on finding vulnerabilities in web browsers for the past year try to win significant monetary prizes from companies such as Google, Microsoft, Apple and Mozilla.

The flaws are usually found after months of work. At Pwn2Own they have only 30 minutes to demonstrate their hacking capability and beat the browsers' security before the others in the competition. The first to show a browser exploit in the given timeframe wins the prize. Multiple such prizes are given throughout the Pwn2Own competition.

In the second day of Pwn2Own, security researchers managed to expose multiple vulnerabilities. All of the participating web browsers were ultimately hacked. However, Chrome only had one flaw discovered, and writing the exploit for it was the hardest, according to the researcher who managed to do it.

Internet Explorer was the least secure browser of the bunch, with five vulnerabilities found. The researchers also found five vulnerabilities in the Windows operating system.

  • 5 bugs in the Windows operating system
  • 4 bugs in Internet Explorer 11
  • 3 bugs in Mozilla Firefox
  • 3 bugs in Adobe Reader
  • 3 bugs in Adobe Flash
  • 2 bugs in Apple Safari
  • 1 bug in Google Chrome
A total of $557,500 was paid out to researchers. Korean Jung Hoon Lee who wrote the 2,000 lines of code exploit for Chrome was also the one to hack into some of the other browsers, managing to take home almost half of the total payout for himself. Lee won $225,000 at the Pwn2Own competition in bounty prizes, of which $110,000 he got in just two minutes.

Over the past few years, IE and Firefox have traded off being in last place, but Chrome is usually consistently the one with the least vulnerabilities. Google created Chrome from the beginning with security in mind (the process sandbox, as well as other security features), so it's not too surprising to see it again be the most robust.

IE on the other hand has too much legacy code it has to worry about, but hopefully things will change in terms of security as well if Microsoft's new browser, "Project Spartan," has a more prominent role in Windows 10.

Mozilla also intends to replace more parts of its browser with components written in the memory-safe Rust language, which can help protect against common security vulnerabilities. However, a few more years will probably pass until that happens.


Pwn2Own 2015: Day 2 Highlights


Update, 3/23/15, 7:10am: Mozilla Security Lead Daniel Veditz reached out to us to note that Mozilla patched Firefox as soon as the company learned about the Pwn2own exploits. He said that Firefox version 36.0.4 took care of the same-origin violation used in the Pwn2own exploit, while the other vulnerability, which he said was not exploitable on its own, will be patched in Firefox version 37.
 

A55VA6

Legend
Joined
Mar 9, 2013
Messages
8,208
I prefer Firefox and Safari over Chrome but I use a Mac, if that makes any difference.

But NO ONE should use Internet Explorer. lol that's just hazardous.
 

CodeMonkey

Possibly the OH but cannot self-identify
Joined
Jun 20, 2014
Messages
3,449
I imagine if Jung Hoon Lee is looking for work he won't have much problem finding it.

As a developer, Microsoft products in general are the biggest pain in the ass. As a company they think nothing of just changing published standards midstream. Their stuff doesn't have to be quality, it just has to be good enough.
 

brokeu91

The super shrink
Joined
Jul 10, 2010
Messages
5,546
Name
Michael
Not that I mind all that much, but shouldn't this be in the Off Topic area?
 

ChrisW

Stating the obvious
Joined
Sep 9, 2013
Messages
4,670
I know this isn't where this thread belongs and I expect it to be moved to the appropriate place as soon as the brass notices it but I thought it important that everyone knows that they should start using Chrome if they want to be as safe as possible.
http://www.tomshardware.com/news/pwn2own-chrome-ie-browser-security,28797.html#xtor=EPR-8886
At Pwn2Own, Chrome Is First, IE Last In Browser Security (Updated)
Pwn2Own is a browser security competition where security researchers who have been working on finding vulnerabilities in web browsers for the past year try to win significant monetary prizes from companies such as Google, Microsoft, Apple and Mozilla.

The flaws are usually found after months of work. At Pwn2Own they have only 30 minutes to demonstrate their hacking capability and beat the browsers' security before the others in the competition. The first to show a browser exploit in the given timeframe wins the prize. Multiple such prizes are given throughout the Pwn2Own competition.

In the second day of Pwn2Own, security researchers managed to expose multiple vulnerabilities. All of the participating web browsers were ultimately hacked. However, Chrome only had one flaw discovered, and writing the exploit for it was the hardest, according to the researcher who managed to do it.

Internet Explorer was the least secure browser of the bunch, with five vulnerabilities found. The researchers also found five vulnerabilities in the Windows operating system.

  • 5 bugs in the Windows operating system
  • 4 bugs in Internet Explorer 11
  • 3 bugs in Mozilla Firefox
  • 3 bugs in Adobe Reader
  • 3 bugs in Adobe Flash
  • 2 bugs in Apple Safari
  • 1 bug in Google Chrome
A total of $557,500 was paid out to researchers. Korean Jung Hoon Lee who wrote the 2,000 lines of code exploit for Chrome was also the one to hack into some of the other browsers, managing to take home almost half of the total payout for himself. Lee won $225,000 at the Pwn2Own competition in bounty prizes, of which $110,000 he got in just two minutes.

Over the past few years, IE and Firefox have traded off being in last place, but Chrome is usually consistently the one with the least vulnerabilities. Google created Chrome from the beginning with security in mind (the process sandbox, as well as other security features), so it's not too surprising to see it again be the most robust.

IE on the other hand has too much legacy code it has to worry about, but hopefully things will change in terms of security as well if Microsoft's new browser, "Project Spartan," has a more prominent role in Windows 10.

Mozilla also intends to replace more parts of its browser with components written in the memory-safe Rust language, which can help protect against common security vulnerabilities. However, a few more years will probably pass until that happens.


Pwn2Own 2015: Day 2 Highlights


Update, 3/23/15, 7:10am: Mozilla Security Lead Daniel Veditz reached out to us to note that Mozilla patched Firefox as soon as the company learned about the Pwn2own exploits. He said that Firefox version 36.0.4 took care of the same-origin violation used in the Pwn2own exploit, while the other vulnerability, which he said was not exploitable on its own, will be patched in Firefox version 37.

My office IT department wants us to use IE, and I have no idea why. They make a big hubbub about people that use chrome.

We've recently had some crypto-locker viruses sweeping through because of the older employees that don't understand not to click on ads and all that.

I've downloaded chrome and loaded it with Adblock and Ghostery. I've yet to encounter a virus, and I probably log more internet time than most in the company.
 

lordbannon

Rams On Demand Sponsor
Rams On Demand Sponsor
Joined
Aug 22, 2014
Messages
701
My office IT department wants us to use IE, and I have no idea why. They make a big hubbub about people that use chrome.

We've recently had some crypto-locker viruses sweeping through because of the older employees that don't understand not to click on ads and all that.

I've downloaded chrome and loaded it with Adblock and Ghostery. I've yet to encounter a virus, and I probably log more internet time than most in the company.

They want you to use IE so they only have to test the company tools with one browser. And so that your recreational web browsing is such a horrible experience that you don't do it on their time!
 

ChrisW

Stating the obvious
Joined
Sep 9, 2013
Messages
4,670
They want you to use IE so they only have to test the company tools with one browser. And so that your recreational web browsing is such a horrible experience that you don't do it on their time!

makes sense. Our document management system won't run on chrome.
 

Faceplant

Still celebrating Superbowl LVI
Rams On Demand Sponsor
2023 ROD Pick'em Champion
Joined
Aug 11, 2010
Messages
9,597
Lolz. IE is about to be phased out/re-packaged anyway. Even MICROSOFT hates it. The only thing that keeps it around is legacy crap that uses ActiveX. Pretty much everything is going to HTML5 anyway.
 

CodeMonkey

Possibly the OH but cannot self-identify
Joined
Jun 20, 2014
Messages
3,449
My office IT department wants us to use IE, and I have no idea why. They make a big hubbub about people that use chrome.

We've recently had some crypto-locker viruses sweeping through because of the older employees that don't understand not to click on ads and all that.

I've downloaded chrome and loaded it with Adblock and Ghostery. I've yet to encounter a virus, and I probably log more internet time than most in the company.
There are probably some features of web applications at your company that only work in IE. That's pretty common actually. We have software that requires IE to function properly as well. The thing is that MS are such bastards that they purposely make their standards incompatible with the free world. They've got our user base so addicted to Excel/Word/Powerpoint/Outlook/IE that you have to play. Resistance is futile...All will be assimilated. Google is a worthy foe though.
 
Last edited:

CodeMonkey

Possibly the OH but cannot self-identify
Joined
Jun 20, 2014
Messages
3,449
Yea but on the other hand you could have all the porn at your fingertips you care to consume without even asking. This happened to my bro's laptop. Sad day.
 

Angry Ram

Captain RAmerica Original Rammer
Joined
Jul 1, 2010
Messages
17,847
Main issue with IE is it's bloated and full of shits. And it's more vulnerable, b/c so many places of work still use it.

I use Chrome, with Firefox as my backup.
 

bomebadeeda

Rams On Demand Sponsor
Rams On Demand Sponsor
Joined
Apr 25, 2013
Messages
1,705
Name
Bome
We use IE at work and one IT guy got mad at the Network designer for putting IE 8 on my computer in place of IE 7 they want to use. But our customer's stuff can't run correctly on IE so I have to use Chrome (which I use at home....). We have less problems w/ our customer's software than our own bloated bolt together crap.
 

A55VA6

Legend
Joined
Mar 9, 2013
Messages
8,208
This happened to my mom recently. Had to go over and fix her computer. Installed Firefox and Chrome for her and she loves it. haha.
 

LesBaker

Mr. Savant
Joined
Aug 23, 2012
Messages
17,460
Name
Les
I imagine if Jung Hoon Lee is looking for work he won't have much problem finding it.

As a developer, Microsoft products in general are the biggest pain in the ass. As a company they think nothing of just changing published standards midstream. Their stuff doesn't have to be quality, it just has to be good enough.

I used to know someone who worked closely with MS during product testing and he used to say "it's not a bug, it's a feature!"

@A55VA6 you may need to supply yer mom with some safer pron sites lol.