ReadWriteWeb

Google Releases Browser Security Handbook

Written by Lidija Davis / December 13, 2008 12:11 PM / 8 Comments

Just before announcing that Chrome was taken out of beta last week, Google released a browser security handbook for Web developers that details the key security features of the main Web browsers.

Released under a Creative Commons 3.0 license, the document provides a comprehensive comparison of the security features of commonly used browsers: IE (versions 6 and 7), Firefox (versions 2 and 3), Safari, Opera, Chrome and the lesser-known Android embedded browser.

Wanting to give the Web world a one-stop reference to security issues in browsers, author Michal Zalewski writes, "Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities."

Browser security has been an ongoing problem over the years and was the first subject discussed during the browser wars panel at the Add-on conference last week. Earlier this year, Robert Hansen and Jeremiah Grossman uncovered an attack known as clickjacking, which gives an attacker the ability to trick a user into clicking where the attacker wants on a site. A good overview can be found on the Computerworld site, which has a clickjacking FAQ:

"In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click is the car."

Clickjacking is one of the issues covered in the security handbook, which is divided into three sections:

  1. Basic concepts behind Web browsers, with reviews of the core standards and technologies behind current browsers and their security properties
  2. Standard browser security features, which details explicit security mechanisms and restrictions
  3. Experimental and legacy security mechanisms, which discusses security mechanisms that have either fallen into disuse or never caught on, as well as those yet to prove their worth

The document appears to be an ongoing project; you can find more details here.

Image Credit: Thanks Darwin Bell

Comments


  1. This is good news - but puzzling nonetheless.

    Why would it be in their self-interest to release an unbiased review if they are trying to promote their own browser?

    Are they in essence claiming that their browser excels over all the competition in security?

    While it is a nice browser, it just is not that customizable or interesting to use as the versatile FireFox.

    Posted by: AD Public Relations | December 13, 2008 12:57 PM



  2. Honestly, anyone who would need this handbook probably would never use it or even know about it. The best security when it comes to computers is using the thing between your ears.

    Don't visit shady sites and don't randomly install junk. What else do you need to know?

    Posted by: Anrkist | December 13, 2008 4:11 PM



  3. Hope this book will be handy for web developers

    Posted by: venkat | December 13, 2008 7:55 PM



  4. thanks..

    Posted by: vidanjör | December 15, 2008 3:14 AM



  5. Hope this book will be handy for web developers

    Posted by: منتدى | January 1, 2009 4:39 AM



  6. Hope this book will be handy for web developers

    Posted by: منتدى | January 1, 2009 4:40 AM



  7. I'm glad more users will be informed about internet security threats. It's true that a large percentage of them could be avoided if people simply knew some of the basics.

    Posted by: Delgado Business Software | January 2, 2009 2:00 PM



  8. just is not that customizable or interesting to use as the versatile FireFox.

    Posted by: araba oyunları | January 11, 2009 9:22 AM


