Comments for Google Releases Browser Security Handbook

Google Releases Browser Security Handbook

2008-12-13T20:11:12Z

Just before announcing that Chrome was taken out of beta last week, Google released a browser security handbook for Web developers that details the key security features of the main Web browsers.

Released under a Creative Commons 3.0 license, the document provides a comprehensive comparison of security features of the commonly used browsers; IE (version 6 and 7), Firefox (version 2 and 3), Safari, Opera, Chrome and the lesser known Android embedded browser.

]]> Wanting to give the Web world a one-stop reference to security issues in browsers, author Michal Zalewski writes "Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities."

Browser security has been an ongoing problem over the years and was the first subject discussed during the browser wars panel at the Add-on conference last week. Earlier this year, Robert Hansen and Jeremiah Grossman uncovered an attack known as clickjacking, which gives an attacker the ability to trick a user into clicking where the attacker wants on a site. A good overview can be found on the Computerworld site, which has a clickjacking FAQ:

"In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click is the car."

Clickjacking is one of the issues covered in the security handbook which is divided into three sections:

Basic concepts behind Web browsers with reviews of core standards and technologies behind current browsers and their security properties
Standard browser security features details explicit security mechanisms and restrictions
Experimental and legacy security mechanisms discusses security mechanisms that have either fallen into disuse or never caught on, as well as those yet to prove their worth.

The document appears to be an ongoing project; you can find more details here.

Image Credit: Thanks Darwin Bell

Comment from araba oyunları on 2009-01-11

2009-01-11T17:22:45Z

just is not that customizable or interesting to use as the versatile FireFox.

Comment from Delgado Business Software on 2009-01-02

2009-01-02T22:00:52Z

I'm glad more users will be informed about internet security threats. It's true that a large percentage of them could be avoided if people simply knew some of the basics.

Comment from منتدى on 2009-01-01

2009-01-01T12:40:57Z

Hope this book will be handy for web developers

Comment from منتدى on 2009-01-01

2009-01-01T12:39:18Z

Hope this book will be handy for web developers

Comment from vidanjör on 2008-12-15

2008-12-15T11:14:56Z

thanks..

Comment from venkat on 2008-12-13

2008-12-14T03:55:25Z

Hope this book will be handy for web developers

Comment from Anrkist on 2008-12-13

2008-12-14T00:11:21Z

Honestly, anyone who would need this handbook probably would never use it or even know about it. The best security when it comes to computers is using the thing between your ears.

Don't visit shady sites and don't randomly install junk. What else do you need to know?

Comment from AD Public Relations on 2008-12-13

2008-12-13T20:57:53Z

This is good news - but puzzling nonetheless.

Why would it be in their self interest to release an unbias review if they are trying to promote their own browser.

Are they in essence claiming that their browser excels over all the competition in security?

While it is a nice browser, it just is not that customizable or interesting to use as the versatile FireFox.