For as long as there has been more than one browser, users have been asking which browser is more secure. Answering the question has often led to an evaluation of publicly disclosed vulnerabilities and determining how long it takes a browser vendor or organization, as in the case of FireFox, to patch.
According to a pair of security researchers from Accuvant Labs speaking at the SecTOR security conference in Toronto this week, there needs to be a more holistic and thorough view of browsers to fully understand security risks.
“The browser is the most critical application that we all use and in some cases it’s the only application we use,” Shawn Moyer, managing principal research consultant with Accuvant said. “The browser decision is one of the most important you can make on your computer.”
Moyer noted that the majority of modern exploits target the browser and Web applications that run within the browser. The Accuvant research is still a work in progress, though Moyer said the goal at this point is to provide some information about the approach to understanding the browser attack surface.
The Accuvant research is examining a number of different elements including browser process security architecture, add-ons security, exploit mitigation techniques, sandboxing, and malware detection capabilities.