Google tested the top 5 browsers, Safari results with the most security flaws

The Project Zero team in Google has just created a browser engine DOM testing tool and tested the top 5 browsers today. The results show that Apple's Safari browser has a lot of errors.

Google tested the top 5 browsers, Safari results with the most security flaws

The Project Zero team in Google has just created a browser engine DOM testing tool and tested the top 5 browsers today. The results show that Apple's Safari browser has a lot of errors.

The tool called Domato is a security toolkit, using random data and analyzing the output to find anomalies. Google's engineer Ivan Fratric created Domato with the goal of detecting the DOM engine's error, a browser element used to read HTML and arrange in the DOM (Document Object Model), then display within the browser Users still see on the screen.

Google: errors on the DOM engine need to be prioritized

Fratric said he focused on the DOM engine because 'rarely did anyone release security updates that didn't contain at least some errors on the DOM engine'. Although Flash errors appear in many browsers, when Flash goes away (by 2020), the attacker will focus on the DOM engine. For Domato, he hopes to help check and patch security issues related to the DOM engine before it's too late.

Discover 17 security bugs in Safari's DOM engine

To demonstrate, Fratric performed tests on five popular browsers Chrome, Firefox, Internet Explorer, Edge and Safari, bringing in 100 million fuzz tests.

The results show that Safari has the most errors with 17 bugs. Behind with Edge with 6 bugs, IE and Firefox have 4 bugs and Chrome only has 2 errors. Not counting errors that are not confidential.

Fratric also pointed out that if Microsoft does not add MemGC (preventing UAF security holes) on IE and Edge, their results will be much worse.

Supplier

Browser

Engine

Error number

Project Zero Bug IDs

Google

Chrome

Blink

994, 1024

Mozilla

Firefox

Gecko

4 *

1130, 1155, 1160, 1185

Microsoft

Internet Explorer

Trident

1011, 1076, 1118, 1233

Microsoft

Edge

EdgeHtml

1011, 1254, 1255, 1264, 1301, 1309

Apple

Safari

WebKit

999, 1038, 1044, 1080, 1082, 1087, 1090, 1097, 1105, 1114, 1241, 1242, 1243, 1244, 1246, 1249, 1250

total

thirty first**

* Total is 33 but there are 2 errors affecting many browsers.
** One of the errors found in Firefox is on the Skia graphics library, not in Firefox's source code. But code errors are contributed by Mozilla engineers to Skia.

Google said it had informed the parties about new errors discovered and included a copy of Domato to enable them to check further. Fratric also puts Domato source code on GitHub https://github.com/google/domato and hopes others will use it to work on other applications, not just the browser DOM engine. Domato is also not the only tool of Google to detect security flaws, before it also had OSS Fuzz and syzkaller.

Dynamics of Google, Apple and Microsoft when the browser has a security error
while apple and google urgently sought to patch security holes in safari (cve-2017-2419) and chrome (cve-2017-5033) browsers, microsoft did not notice. this security vulnerability was discovered by cisco talos researchers in safari, chrome, and edge browsers, but microsoft believes that this security is due to design.
Top 10 best alternative web browsers for Safari on iPhone
in addition to safari, there are other browsers that bring extremely new feelings of use to users. click the article to see 10 alternative browsers safari offline!
Change the following 7 iOS settings to better Safari security
if you prefer privacy, there are many browsers you can use to remain anonymous online. however, if you use the iphone, you do not need to change the browser, safari has settings that help you increase privacy.
Google paid $ 3.4 million in bonuses for security flaws discovered in 2018
in a statement released on february 11, google said that by the end of last year, they had spent huge amounts of money, up to more than $ 15 million in bonuses for the payout program. show security error.
9 browsers replace Safari on iPhone
the safari default browser on iphone is stable and secure, but there are some limitations. if you're looking for a browser instead of safari, try one of the browsers below.
Google blacklisted some web browsers on Linux, blocking access to Google services
google has issued a notice banning a number of popular linux browsers from signing in to its services.
How to fix Safari's status is slow
safari browser is the default browser on iphonne / ipad device. however, there will be cases where the browser falls into a slow-functioning state, accessing websites not as fast as before.
Warning: Google Chrome is experiencing serious security errors, patch updates right away
recently, the department of information security (ministry of information and communications) issued a warning to vietnamese users about a serious security error (cve-2019-13720) currently exists on chrome browser.
If you are using Firefox, update it immediately to fix security
firefox is one of the best browsers available today, but it also has security flaws and you should update it immediately if you don't want to be attacked.
Google was fined $ 17 million for tracking users on Safari
safari is the apple-branded browser that is commonly used on macs and iphones / ipads. to ensure user privacy, safari blocks all tracking cookies from other websites, including google.
Google Pay is available on the web and iOS
google pay - the combined payment system google launched earlier this year - is available on chrome and android. google is also launching versions of other browsers such as safari, firefox and even ios that will soon be available.
Google changes the search engine, gives a unique answer and hides unnecessary links in some cases
since the beginning of this year, google has tested a number of major changes to its search engine, making search results only display a single direct answer instead of links like before.