The top three internet browsers in the world were thoroughly tested for security in a recent study by the security research firm Accuvant Labs. Google’s Chrome came in first, Microsoft’s Internet Explorer came in second and Mozilla’s Firefox came in third; all three combined accounting for 93% of the global internet browser market share.
Instead of looking at historical data to see vulnerability of each browser, Accuvant instead had a more proactive approach, by looking at the anti-explotation safeguards implemented by each browser. Sandboxing, 3rd party plug-in security and JIT hardening are three key features that Chrome has successfully implemented, with Internet Explorer showing some deficiencies in. However, Firefox doesn’t have any of these technologies at all, making it one of the most vulnerable browser of the three.
“We found that Google Chrome did the most sandboxing,” Chris Valasek, who is a senior research scientist for Accuvant, told The Register. “It restricted the movements more than any other browser. Internet Explorer came up a close second because it implemented a sandbox where you could do certain things but you were allowed to do more things than you could in Chrome. Lastly, Firefox came in last because it didn’t implement a sandbox yet.”
Google Chrome 12 & 13, Internet Explorer 9 and Firefox 5 were tested for this study running on Windows 7 (32bit). As far as patching security holes is concerned, once again Google came out on top with average patch time of 53 days, followed by Mozilla with 158 days and Microsoft’s 214 days.