Browser Security News

Security exploits still target browser vulnerabilities, but attacks on browser plug-ins and vulnerable third-party controls such as Flash and Acrobat are becoming more common. That means Firefox users need to be as cautious as users of Internet Explorer.

Apple yesterday added anti-phishing protection to Safari, the last major browser to receive the feature that blocks known identity-stealing sites. The company also patched 11 security bugs in the program, the bulk of them specific to the Microsoft Windows version.

On Thursday, Apple released Safari 3.2. Although the update affects both Mac and Windows users, many of the Mac updates were provided in Apple’s October update for Mac OS X users. The update includes eight fixes specific to Safari and three specific to Webkit.

While operating-system attacks are decreasing, attacks on applications are rising along with malware and unwanted software, according to the Microsoft Security Intelligence Report. Microsoft said 30 percent of the malware was Trojan-based, and China accounted for 50 percent of browser based attacks, while the U.S. was second at 23 percent.

The source code underlying Google’s Chrome Web browser suggests that Google used a reverse-engineering technique called disassembly to figure out how to employ a useful Windows Vista security feature, but the company said it did not, in fact, do so.

Users should wait to use Google Chrome after its vulnerabilities were exposed. Randy Abrams, director of Technical Education at ESET, claimed that as vulnerable code was used users should only use Chrome when they are not viewing sensitive pages.

As CNET News first reported last week, Internet Explorer 8 will include a way to surf somewhat anonymously, allowing the user to suspend browsing history, cookies, and other identifying information. Mozilla had considered such a feature for its Firefox 3 release, but dropped it for technical reasons. Apple Safari also includes a similar feature.

Carnegie-Mellon University Monday announced it’s making available a free add-on to Mozilla Firefox 3.0 that’s intended to boost browser security. The Firefox add-on was developed at the university’s School of Computer Science and College of Engineering and is available for download here.

Mozilla Messaging patched nine security vulnerabilities in Thunderbird yesterday, the first time it has plugged holes in the e-mail software since early May. Thunderbird 2.0.0.16, which was added to Mozilla’s download servers late Wednesday, quashes nine bugs, including one that was patched last week in Firefox, the company’s open-source browser.

The main responsibility for online security lies with your browser. It’s the browser’s security and privacy settings that keep malicious code such as Trojans or spyware out, warn you when you visit potentially unsafe websites or download content from a suspicious source, and protect you from online fraud and identity theft.