Recent security enhancements in web browsers (e.g. Google Chrome)
About a couple of weeks ago we talked about the new Firefox 4 security features. Today is Google's Chrome turn, due to the recently added and short term upcoming security features:
- Malicious downloads protection: Making use of Google's Safe Browsing API, Chrome will warn users when trying to download a suspected malicious executable file (starting with Windows executables, .exe) . URL: http://googleonlinesecurity.blogspot.com/2011/04/protecting-users-from-malicious.html
- Out-of-date browser plug-ins warnings: The latest Chrome version automatically warns users about any out-of-date plug-ins when they access a web page that requires a plug-in that’s not current. By default the plug-in won't run and the user will see a message to get the latest version of the plug-in. This complements the granular plug-ín blocking capabilities added to Chrome 10. URL: http://googleonlinesecurity.blogspot.com/2011/03/chrome-warns-users-of-out-of-date.html
- Due to the recent CA compromises, once again, the trustworhtiness on the Internet PKI (SSL/TLS digital certificates) is under evaluation. Some initiatives, based on digital certificate reputation services or, at the end, on DNSSEC are moving forward. URL: http://googleonlinesecurity.blogspot.com/2011/04/improving-ssl-certificate-security.html or Perspectives.
With no doubt, web browser and plug-ins security are crucial for a trusted Internet and Web browsing experience, thus improvements in this field are always welcomed.
Without entering into the web browsers wars (or debate ;) to declare which one is the best one (...all them are pieces of software), I honestly recommend you to use (or at least have handy) a few of them and use them for different purposes. Some (the web browsers you trust more) should be used for casual browsing, running in a restrictive mode (NoScript, HTTPS Everywhere, disabling plug-ins, etc) to offer you the best protection. Others should only be used for critical browsing to confidential and sensitive sites. All them are going to become victims (again) of vulnerabilities in the future, so having multiple alternatives will help you to accommodate 0-days and unpatched flaws while still be able to securely (if possible) browse the web.
In any case, always use the latest and most updated version of any web browser (with all the available plug-in updates applied): Firefox 4, Internet Explorer 9, Chrome 10, Opera 11, or Safari 5 (or any other secure web browser of your choice).
----
Raul Siles
Founder and Senior Security Analyst with Taddong
www.taddong.com
 
              
Comments