Google tested the top 5 browsers, Safari results with the most security flaws
The Project Zero team in Google has just created a browser engine DOM testing tool and tested the top 5 browsers today. The results show that Apple's Safari browser has a lot of errors.
The Project Zero team in Google has just created a browser engine DOM testing tool and tested the top 5 browsers today. The results show that Apple's Safari browser has a lot of errors.
The tool called Domato is a security toolkit, using random data and analyzing the output to find anomalies. Google's engineer Ivan Fratric created Domato with the goal of detecting the DOM engine's error, a browser element used to read HTML and arrange in the DOM (Document Object Model), then display within the browser Users still see on the screen.
Google: errors on the DOM engine need to be prioritized
Fratric said he focused on the DOM engine because 'rarely did anyone release security updates that didn't contain at least some errors on the DOM engine'. Although Flash errors appear in many browsers, when Flash goes away (by 2020), the attacker will focus on the DOM engine. For Domato, he hopes to help check and patch security issues related to the DOM engine before it's too late.
Discover 17 security bugs in Safari's DOM engine
To demonstrate, Fratric performed tests on five popular browsers Chrome, Firefox, Internet Explorer, Edge and Safari, bringing in 100 million fuzz tests.
The results show that Safari has the most errors with 17 bugs. Behind with Edge with 6 bugs, IE and Firefox have 4 bugs and Chrome only has 2 errors. Not counting errors that are not confidential.
Fratric also pointed out that if Microsoft does not add MemGC (preventing UAF security holes) on IE and Edge, their results will be much worse.
* Total is 33 but there are 2 errors affecting many browsers.
** One of the errors found in Firefox is on the Skia graphics library, not in Firefox's source code. But code errors are contributed by Mozilla engineers to Skia.
Google said it had informed the parties about new errors discovered and included a copy of Domato to enable them to check further. Fratric also puts Domato source code on GitHub https://github.com/google/domato and hopes others will use it to work on other applications, not just the browser DOM engine. Domato is also not the only tool of Google to detect security flaws, before it also had OSS Fuzz and syzkaller.
You should read it
- Quick fix error 107 net :: ERR_SSL_PROTOCOL_ERROR: SSL protocol error on Chrome browser
- Yahoo! 'sticky' security error after 1 day of launch
- Error correction 'Security error: This website requires the Google chrome security plugin' in browsers
- How to fix VPN error 619
- How to fix A20 Error when starting the computer
- Edge browser error crashes or does not work, this is a fix
- Detecting a serious error on Firefox browser may damage the operating system
- Fix the 'This site can't be reached' error in Chrome browser
- Firefox error takes up a lot of memory and CPU
- 5 solutions to fix 'DNS_Probe_Finished_Bad_Config' error in Chrome browser
- If you encounter a Firefox browser error: Could not load XPCOM, this is a fix
- Instructions on how to fix 53 error when restoring on iPhone
Maybe you are interested
Steps to enable WireGuard on ProtonVPN Microsoft adds Windows 10 HDR support to Photoshop, Lightroom 22 impressive space-saving design ideas for a small apartment 4 tips to help you ask smart questions Strangely the road disappears twice a day on the Atlantic coast The mystery of a giant 1.5-meter-long worm eating both hydrogen sulfide and rotten gas