Google-funded Study Found Chrome to be Safest Browser

Other than previous studies by the firm, which often focused on quantitative comparisons such as the number of vulnerabilities affecting a browser, Accuvant took a different approach and investigated the "anti-exploitation" features included in a browser. The result? Chrome is the most secure browser, followed by IE and then Firefox. Also noteworthy is the conclusion that frequently praised URL blacklisting isn't working effectively.

According to the study, which stretches itself over more than 100 pages, with 25 pages of explanation why traditional methods of security evaluations of browser may not be useful, Chrome wins because of its most comprehensive support of address space layout randomization (ASLR), data execution prevention (DEP), stack cookies, sandboxing, and JIT hardening. Chrome largely wins the comparison because of its sandboxing features, which are only partially in IE and Firefox. IE has the best implementation of JIT hardening, followed closely by Chrome. Firefox lacked all tested JIT hardening features.

While Accuvant did not compare the browsers' security based on the number of vulnerabilities, the researchers said that, during the timeframe of the study, Mozilla patched 449 vulnerabilities, Google 321 and Microsoft 168. Microsoft requires, on average, 214 days to patch a vulnerability, Mozilla 158 and Google 53. Accuvant stated that it would be speculation to draw any security conclusions from those numbers.

However, the company spent quite some time on evaluating URL blacklisting services, which is called Smartscreen Filter in IE, Safe Browsing List in Chrome. Between July 23, 2011 through July 30, 2011, Accuvant tested the browsers against an average of 5960 URLs containing malware per day and concluded, "no URL blacklisting service is fully comprehensive, and that any antipattern-based defensive measure is, by definition, imperfect." As a result, the firm advices that "blacklisting services should be considered a part of the overall browser defense model, rather than the only perimeter an attacker must traverse."

This result contradicts a previous survey by NSS Labs, which found that IE's Smartscreen Filter helps to capture nearly all socially engineered malware attacks. Accuvant found that "neither Google’s Safe Browsing service nor Microsoft’s URS appears to provide a fully comprehensive snapshot of all malware in the wild at any given point in time."

  • no opera or safari? joke.
    Reply
  • DroKing
    I smell paid off people.
    Reply
  • wintermint
    laupoijasdfno opera or safari? joke.
    They said most popular. It's usually between chrome and firefox but you can't leave internet explorer out o.o
    Reply
  • runswindows95
    Title says it all. Of course a Google-funded study will find Chrome to be the safest. It's like having HP fund a study about printers, and the results say HP makes the best printers.
    Reply
  • cmartin011
    oh this does not surprise me...
    Reply
  • cmartin011
    paid off? want to keep your job? lol
    Reply
  • N.Broekhuijsen
    Read title = read article


    OOh but it works!
    Reply
  • A Bad Day
    Obviously there's little chance that the researchers were encouraged to treat Chrome more friendly! It's not like Google's money had any influence over them!

    /sarcasm
    Reply
  • arael
    Microsoft funds a study that finds IE to be the safest browser.
    Google funds a study that finds Chrome to be the safest browser.

    I fund a study that finds out that I'm having chicken pad thai for lunch, also that I am the safest browser.
    Reply
  • genjuro_x00
    Of course the study found chrome safer. It was done by Google! Bias much?! Do you really think that Google would come out and say "Well, as compared to other browsers, our was less secure and glitchy."
    Reply