CommunityNews

On the Analysis of Web Browser Security

SoK: On the Analysis of Web Browser Security.

Web browsers are integral parts of everyone's daily life. They are commonly used for security-critical and privacy-sensitive tasks, like banking transactions and checking medical records. Unfortunately, modern web browsers are too complex to be bug free (e.g., 25 million lines of code in Chrome), and their role as an interface to the cyberspace makes them an attractive target for attacks. Accordingly, web browsers naturally become an arena for demonstrating advanced exploitation techniques by attackers and state-of-the-art defenses by browser vendors. Web browsers, arguably, are the most exciting place to learn the latest security issues and techniques, but remain a black art to most security researchers because of their fast-changing characteristics and complex code bases.

To bridge this gap, this paper attempts to systematize the security landscape of modern web browsers by studying the popular classes of security bugs, their exploitation techniques, and deployed defenses. More specifically, we first introduce a unified architecture that faithfully represents the security design of four major web browsers. Second, we share insights from a 10-year longitudinal study on browser bugs. Third, we present a timeline and context of mitigation schemes and their effectiveness. Fourth, we share our lessons from a full-chain exploit used in the 2020 Pwn2Own competition, and the implication of bug bounty programs to web browser security. We believe that the key takeaways from this systematization can shed light on how to advance the status quo of modern web browsers, and, importantly, how to create secure yet complex software in the future.

Read in full here:
