Google tested the top 5 browsers; Safari had the most security flaws

Google's Project Zero team has just created a tool for testing browser DOM engines and used it to test today's top 5 browsers. The results show that Apple's Safari browser has a lot of bugs.

The tool, called Domato, is a security testing toolkit that feeds random data to its target and analyzes the output to find anomalies. Google engineer Ivan Fratric created Domato to detect bugs in the DOM engine, the browser component that reads HTML, arranges it into the DOM (Document Object Model), and then displays in the browser what users see on screen.

Google: DOM engine bugs need to be prioritized

Fratric said he focused on the DOM engine because 'rarely did anyone release security updates that didn't contain at least some errors on the DOM engine'. Although Flash bugs appear in many browsers, once Flash goes away (by 2020), attackers will focus on the DOM engine. With Domato, he hopes to help find and patch security issues in the DOM engine before it's too late.

17 security bugs discovered in Safari's DOM engine

To demonstrate, Fratric tested five popular browsers (Chrome, Firefox, Internet Explorer, Edge and Safari), running 100 million fuzz tests.

The results show that Safari has the most, with 17 bugs. Edge comes next with 6 bugs, IE and Firefox have 4 bugs each, and Chrome has only 2. Bugs that are not security issues are not counted.

Fratric also pointed out that if Microsoft had not added MemGC (a mitigation against use-after-free, or UAF, vulnerabilities) to IE and Edge, their results would have been much worse.

| Vendor    | Browser           | Engine   | Number of bugs | Project Zero Bug IDs |
|-----------|-------------------|----------|----------------|----------------------|
| Google    | Chrome            | Blink    | 2              | 994, 1024 |
| Mozilla   | Firefox           | Gecko    | 4 **           | 1130, 1155, 1160, 1185 |
| Microsoft | Internet Explorer | Trident  | 4              | 1011, 1076, 1118, 1233 |
| Microsoft | Edge              | EdgeHTML | 6              | 1011, 1254, 1255, 1264, 1301, 1309 |
| Apple     | Safari            | WebKit   | 17             | 999, 1038, 1044, 1080, 1082, 1087, 1090, 1097, 1105, 1114, 1241, 1242, 1243, 1244, 1246, 1249, 1250 |
| Total     |                   |          | 31 *           | |

* The per-browser counts add up to 33, but 2 of the bugs affect more than one browser.
** One of the bugs found in Firefox is in the Skia graphics library, not in Firefox's own source code. However, the faulty code was contributed to Skia by Mozilla engineers.

Google said it had notified the vendors of the newly discovered bugs and included a copy of Domato so they could test further. Fratric has also published the Domato source code on GitHub (https://github.com/google/domato) and hopes others will use it on other applications, not just browser DOM engines. Domato is not Google's only tool for finding security flaws; before it, Google also had OSS-Fuzz and syzkaller.
