Continue Reading This Article
Enjoy this article as well as all of our content, including E-Guides, news, tips and more.
Chrome: Nobody chose to attack this browser, possibly due to the sandbox, which separates programs from each other, security-wise, and from the host operating system. Attacks, however, have been published for the Chrome browser in the past, so it shouldn't be considered totally secure.
Internet Explorer 8: The operating system sandbox was not breached, though data stored in the browser could possibly be read. The exploit used to bypass Internet Explorer's security was fixed by a Microsoft patch release the day following the competition, so, for now, IE8 is reasonably secure.
Firefox: The browser crashed when performing garbage cleanup, allowing arbitrary code to be executed. Arbitrary code execution allows attackers to run any programs or commands of their choice on the machine. Such a scenario would leave Firefox quite vulnerable.
Safari: When attacked, the browser allowed arbitrary command execution, and the attacker managed to obtain a full command shell on a Mac book; he was then able to run any command of his choice on the machine. This is the very definition of a successful attack.
Opera: Was not part of the competition.
As such, it seems that Chrome and IE8 would be the most secure browsers to use in the enterprise. However, as new exploits are popping up every day, it's essential to stay on top of browser patching and updates, no matter which browser you use.
This was first published in May 2010