- Joined
- Oct 22, 2013
- Messages
- 9,766
I know this isn't where this thread belongs and I expect it to be moved to the appropriate place as soon as the brass notices it but I thought it important that everyone knows that they should start using Chrome if they want to be as safe as possible.
http://www.tomshardware.com/news/pwn2own-chrome-ie-browser-security,28797.html#xtor=EPR-8886
At Pwn2Own, Chrome Is First, IE Last In Browser Security (Updated)
Pwn2Own is a browser security competition where security researchers who have been working on finding vulnerabilities in web browsers for the past year try to win significant monetary prizes from companies such as Google, Microsoft, Apple and Mozilla.
The flaws are usually found after months of work. At Pwn2Own they have only 30 minutes to demonstrate their hacking capability and beat the browsers' security before the others in the competition. The first to show a browser exploit in the given timeframe wins the prize. Multiple such prizes are given throughout the Pwn2Own competition.
In the second day of Pwn2Own, security researchers managed to expose multiple vulnerabilities. All of the participating web browsers were ultimately hacked. However, Chrome only had one flaw discovered, and writing the exploit for it was the hardest, according to the researcher who managed to do it.
Internet Explorer was the least secure browser of the bunch, with five vulnerabilities found. The researchers also found five vulnerabilities in the Windows operating system.
Over the past few years, IE and Firefox have traded off being in last place, but Chrome is usually consistently the one with the least vulnerabilities. Google created Chrome from the beginning with security in mind (the process sandbox, as well as other security features), so it's not too surprising to see it again be the most robust.
IE on the other hand has too much legacy code it has to worry about, but hopefully things will change in terms of security as well if Microsoft's new browser, "Project Spartan," has a more prominent role in Windows 10.
Mozilla also intends to replace more parts of its browser with components written in the memory-safe Rust language, which can help protect against common security vulnerabilities. However, a few more years will probably pass until that happens.
Pwn2Own 2015: Day 2 Highlights
Update, 3/23/15, 7:10am: Mozilla Security Lead Daniel Veditz reached out to us to note that Mozilla patched Firefox as soon as the company learned about the Pwn2own exploits. He said that Firefox version 36.0.4 took care of the same-origin violation used in the Pwn2own exploit, while the other vulnerability, which he said was not exploitable on its own, will be patched in Firefox version 37.
http://www.tomshardware.com/news/pwn2own-chrome-ie-browser-security,28797.html#xtor=EPR-8886
At Pwn2Own, Chrome Is First, IE Last In Browser Security (Updated)
Pwn2Own is a browser security competition where security researchers who have been working on finding vulnerabilities in web browsers for the past year try to win significant monetary prizes from companies such as Google, Microsoft, Apple and Mozilla.
The flaws are usually found after months of work. At Pwn2Own they have only 30 minutes to demonstrate their hacking capability and beat the browsers' security before the others in the competition. The first to show a browser exploit in the given timeframe wins the prize. Multiple such prizes are given throughout the Pwn2Own competition.
In the second day of Pwn2Own, security researchers managed to expose multiple vulnerabilities. All of the participating web browsers were ultimately hacked. However, Chrome only had one flaw discovered, and writing the exploit for it was the hardest, according to the researcher who managed to do it.
Internet Explorer was the least secure browser of the bunch, with five vulnerabilities found. The researchers also found five vulnerabilities in the Windows operating system.
- 5 bugs in the Windows operating system
- 4 bugs in Internet Explorer 11
- 3 bugs in Mozilla Firefox
- 3 bugs in Adobe Reader
- 3 bugs in Adobe Flash
- 2 bugs in Apple Safari
- 1 bug in Google Chrome
Over the past few years, IE and Firefox have traded off being in last place, but Chrome is usually consistently the one with the least vulnerabilities. Google created Chrome from the beginning with security in mind (the process sandbox, as well as other security features), so it's not too surprising to see it again be the most robust.
IE on the other hand has too much legacy code it has to worry about, but hopefully things will change in terms of security as well if Microsoft's new browser, "Project Spartan," has a more prominent role in Windows 10.
Mozilla also intends to replace more parts of its browser with components written in the memory-safe Rust language, which can help protect against common security vulnerabilities. However, a few more years will probably pass until that happens.
Pwn2Own 2015: Day 2 Highlights
Update, 3/23/15, 7:10am: Mozilla Security Lead Daniel Veditz reached out to us to note that Mozilla patched Firefox as soon as the company learned about the Pwn2own exploits. He said that Firefox version 36.0.4 took care of the same-origin violation used in the Pwn2own exploit, while the other vulnerability, which he said was not exploitable on its own, will be patched in Firefox version 37.
