Browser vendors are constantly on the lookout for things to brag about. While just about any type of bragging rights are welcome, vendors are mostly found crowing about either speed, security or HTML5 compliance. This time it’s Google’s turn to break into a victory lap, for Chrome has just been crowned the most secure browser in a study conducted by Accuvant Labs (PDF).
Not that it’s going to affect Google’s celebrations, we’d like to point out that the study in question was commissioned by the web giant itself. Now that we have made the take-this-with-a-grain-of-salt appeal necessary with a study that ends up portraying the party that funded it in the most positive light, it’s time to proceed to the details.
Accuvant Labs only considered Internet Explorer (version 9), Chrome (versions 12 and 13) and Firefox (version 5.0.1) for its research. In its 102-page report, the firm concluded that Chrome is the most secure browser of the three, with Internet Explorer and Firefox coming in second and last, respectively.
According to Accuvant, it adopted a different approach from other similar attempts that mostly “rely on statistical analysis of vulnerability data”, opting instead for a thorough analysis of anti-exploitation mechanisms baked into the concerned browsers.
“The URL blacklisting services offered by all three browsers will stop fewer attacks than will go undetected,” said Accuvant in its report. “Both Google Chrome and Microsoft Internet Explorer implement state-of-the-art anti-exploitation technologies, but Mozilla Firefox lags behind without JIT hardening.”
“While both Google Chrome and Microsoft Internet Explorer implement the same set of anti-exploitation technologies, Google Chrome’s plug-in security and sandboxing architectures are implemented in a more thorough and comprehensive manner. Therefore, we believe Google Chrome is the browser that is most secured against attack.”
Regarding the question of conflict of interest, Accuvant said, "[W]hile Google funded the research for this paper, Accuvant Labs was given a clear directive to provide readers with an objective understanding of relative browser security.”
Mozilla, though, does not agree with Accuvant’s findings and sees no reason to be alarmed. “Firefox includes a broad array of technologies to eliminate or reduce security threats, from platform level features like address space randomization to internal systems like our layout frame poisoning system,” said , Johnathan Nightingale, director of Firefox engineering at Mozilla.
“Sandboxing is a useful addition to that toolbox that we are investigating, but no technology is a silver bullet. We invest in security throughout the development process with internal and external code reviews, constant testing and analysis of running code, and rapid response to security issues when they emerge. We’re proud of our reputation on security, and it remains a central priority for Firefox.”