Improving web browser security
July 22nd, 2009 | Published in Google Online Security
Malware is the source of a large number of reported security incidents on the Internet. Since Internet users can become infected in many different ways, the proliferation of malware is a very hard problem to solve. One part of the solution is to improve the robustness of web browsers such that security compromises due to browser bugs are minimized. We work hard to scrutinize our own code for potential vulnerabilities. We also contribute to research in this area with projects like the Browser Security Handbook and open source releases of the fuzzers involved in our software testing.
Some of you may have noticed that while working on Google Chrome, we have also discovered and responsibly reported a number of security issues in other browsers. Various scenarios lead us to report these bugs:
- Some browsers share code bases with Google Chrome, and we collaborate with those browser vendors.
- We develop generic fuzzers that are applicable to most browsers and that we want to share with others.
- We spend time analyzing behavior in different browsers, and we sometimes discover bugs in the process.
- It benefits our users and the Internet as a whole if we work collaboratively on better web browser security.