Google’s Chrome Browser continues to flex its muscles as the most popular way to surf the web. This week Chrome is showing of superiority in the areas of application security.
At the 10th annual Pwn2Own event, held at the CanSecWest security conference in Vancouver, contestants competed to exploit vulnerabilities in various browsers and software applications. Among the test subjects were Microsoft’s Edge browser, Mozilla Firefox, Apple Safari and of course, Google Chrome for desktop.
Winners who successfully “hack” a system in the allotted time are awarded cash prizes based on the type and degree of weakness exploited. While this all seems a little anxiety-inducing for the average user, it’s actually a very ingenious way for developers to discover what is referred to as “zero day vulnerabilities.”
The three day even saw Microsoft Edge take a pretty hefty beating with 5 exploits resulting in a total of almost $300,000 in bounties for the successful teams. The Edge browser, as of late, has touted itself as being a miser when it comes to system resources and hasn’t been shy about trying to dethrone Google Chrome citing it as a resource hog. It looks as though the focus on speed has left Edge sorely lacking in the security department.
On to Apple. The Safari browser was successfully attacked three and half times. (a half due to one issue already having a fix queued in the beta build) Total bounties for the teams were roughly $145,000 dollars. One particular attack allowed hackers to elevate privileges in Mac OS leaving the system vulnerable. While better that Microsoft, Safari had a rough time of it this year.
Two attempts were made against Mozilla’s Firefox with one being successful. Firefox has recently implemented partial sandboxing and is anticipated to beef up security in the coming year.
Google Chrome, for the most part, walked away from the event unscathed. Team Sniper was able to hack the browser but failed to do so in the allotted time.
At this point I do have to report objectively that only one attempt was made to hack Google Chrome as the systems are picked at random for the teams to attack. For all intents and purposes, Google Chrome has claimed the title as the most secure browser of 2017. That doesn’t mean it’s impenetrable. The Google Chrome team works tirelessly to uncover and patch security issues and keep the browser up-to-date with new releases every six weeks.
If security is important to you, Google Chrome is definitely our choice to stay safe on the web.
Source: Zero Day Initiative via Tom’s Hardware