"HTML5 provides new ways to create highly interactive sites and explicitly addresses more security that its predecessors.
"Browser databases and changes to the Same Origin Rule help developers create more advanced sites. But new elements and new features may introduce new script injection (XSS) attacks. They also add new code to the browser, which may have bugs that can be exploited to spread malware or attack the desktop.
"HTML5 also entwines privacy and security more closely. Browsers finally stopped supporting the terribly insecure SSLv2 only within the past few years, in spite of some websites still having it configured. Now it's up to websites to start applying SSL (HTTPS) more rigorously. As browsers become the primary means of storing, sharing and manipulating information - whether financial, medical, professional, or social - the necessity of encrypting that traffic increases.
"The best ways to protect your browser are to keep it up to date - along with its plug-ins. And to be wary of using public wi-fi networks when you want to visit sites that don't strictly enforce HTTPS throughout its pages."
Mike Shema, security research engineer at Qualys
Back to feature