Google tested the top 5 browsers; Safari had the most security flaws
Google's Project Zero team has created a tool for testing browser DOM engines and used it to test today's top 5 browsers. The results show that Apple's Safari browser has many errors.
The tool, called Domato, is a security toolkit that works as a fuzzer: it feeds random data to the target and analyzes the output to find anomalies. Google engineer Ivan Fratric created Domato to detect errors in the DOM engine, the browser component that reads HTML, arranges it into the DOM (Document Object Model), and displays the result that users see on the screen.
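Domato produces its test pages from grammars. The sketch below is an added example, not Domato's code or part of the original article: it shows seeded, grammar-driven generation of HTML samples with a depth limit, plus a sanity check that the generated markup is balanced. The grammar and the names `generate_sample` and `is_balanced` are hypothetical, and running samples in an instrumented browser is out of scope.

```python
import random
import re
from html.parser import HTMLParser
# Hypothetical toy grammar (not Domato's): {name} is a non-terminal.
GRAMMAR = {
    "doc": ["<!DOCTYPE html><html><body>{element}{element}</body></html>"],
    "element": [
        "<div>{element}{element}</div>",
        "<table><tr><td>{element}</td></tr></table>",
        "<span style='{style}'>{text}</span>",
        "{text}",
    ],
    "style": ["display:{display}", "position:{position};top:-1px"],
    "display": ["none", "table-cell", "contents"],
    "position": ["absolute", "fixed", "sticky"],
    "text": ["x", "lorem ipsum", ""],
}
PLACEHOLDER = re.compile(r"\{(\w+)\}")

def expand(symbol, rng, depth=0, max_depth=6):
    """Recursively expand one grammar symbol into a string."""
    options = GRAMMAR[symbol]
    if depth >= max_depth:
        # Past the depth budget, keep only alternatives that stop nesting.
        options = [o for o in options if "{element}" not in o] or options
    pick = rng.choice(options)
    return PLACEHOLDER.sub(lambda m: expand(m.group(1), rng, depth + 1, max_depth), pick)

def generate_sample(seed):
    """The seed fully determines the sample, so a crashing input can be rebuilt."""
    return expand("doc", random.Random(seed))

class TagBalance(HTMLParser):
    """Sanity check on the generator: do open and close tags nest properly?"""
    def __init__(self):
        super().__init__()
        self.stack, self.ok = [], True
    def handle_starttag(self, tag, attrs):
        self.stack.append(tag)
    def handle_endtag(self, tag):
        if not self.stack or self.stack.pop() != tag:
            self.ok = False

def is_balanced(html):
    checker = TagBalance()
    checker.feed(html)
    checker.close()
    return checker.ok and not checker.stack
```

Logging the seed next to each sample is what lets a crash found during a long fuzzing run be reproduced and minimized later.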
Google: errors on the DOM engine need to be prioritized
Fratric said he focused on the DOM engine because 'rarely did anyone release security updates that didn't contain at least some errors on the DOM engine'. Although Flash errors appear in many browsers, once Flash goes away (by 2020), attackers will focus on the DOM engine. With Domato, he hopes to help find and patch DOM engine security issues before it's too late.
17 security bugs discovered in Safari's DOM engine
To demonstrate, Fratric tested five popular browsers, Chrome, Firefox, Internet Explorer, Edge and Safari, running 100 million fuzz tests.
The results show that Safari has the most errors, with 17 bugs. Edge follows with 6 bugs, IE and Firefox have 4 bugs each, and Chrome has only 2. Errors that are not security-related are not counted.
Fratric also pointed out that if Microsoft had not added MemGC (a mitigation against use-after-free (UAF) security holes) to IE and Edge, their results would have been much worse.
* The total is 33, but 2 of the errors affect multiple browsers.
** One of the errors found in Firefox is in the Skia graphics library, not in Firefox's own source code. However, the faulty code was contributed to Skia by Mozilla engineers.
Google said it had informed the affected vendors about the newly discovered errors and included a copy of Domato so they could investigate further. Fratric has also published the Domato source code on GitHub at https://github.com/google/domato and hopes others will use it on other applications, not just browser DOM engines. Domato is not Google's only tool for detecting security flaws; it previously released OSS-Fuzz and syzkaller.