CommunityNews

CommunityNews

On the Analysis of Web Browser Security

SOK: On the Analysis of Web Browser Security.
Web browsers are integral parts of everyone’s daily life. They are commonly
used for security-critical and privacy sensitive tasks, like banking
transactions and checking medical records. Unfortunately, modern web browsers
are too complex to be bug free (e.g., 25 million lines of code in Chrome), and
their role as an interface to the cyberspace makes them an attractive target
for attacks. Accordingly, web browsers naturally become an arena for
demonstrating advanced exploitation techniques by attackers and
state-of-the-art defenses by browser vendors. Web browsers, arguably, are the
most exciting place to learn the latest security issues and techniques, but
remain as a black art to most security researchers because of their
fast-changing characteristics and complex code bases.
To bridge this gap, this paper attempts to systematize the security landscape
of modern web browsers by studying the popular classes of security bugs, their
exploitation techniques, and deployed defenses. More specifically, we first
introduce a unified architecture that faithfully represents the security design
of four major web browsers. Second, we share insights from a 10-year
longitudinal study on browser bugs. Third, we present a timeline and context of
mitigation schemes and their effectiveness. Fourth, we share our lessons from a
full-chain exploit used in 2020 Pwn2Own competition. and the implication of bug
bounty programs to web browser security. We believe that the key takeaways from
this systematization can shed light on how to advance the status quo of modern
web browsers, and, importantly, how to create secure yet complex software in
the future.

Read in full here:

This thread was posted by one of our members via one of our news source trackers.

Where Next?

Popular General Dev topics Top

First poster: AstonJ
We engineered a wearable microphone jammer that is capable of disabling microphones in its user’s surroundings, including hidden micropho...
New
First poster: dimitarvp
A career ending mistake — Bitfield Consulting. As software engineers, we’re constantly making detailed, elaborate plans for computers to...
New
First poster: bot
Rewrite it in Rust by ridiculousfish · Pull Request #9512 · fish-shell/fish-shell. (Sorry for the meme; also this is obligatory.) I thi...
New
New
First poster: bot
zig/http.zig at 7cf2cbb33ef34c1d211135f56d30fe23b6cacd42 · ziglang/zig. General-purpose programming language and toolchain for maintaini...
New
First poster: KnowledgeIsPower
Building a Slack/Discord alternative with Tauri/Rust linen <span class="hashtag-icon-placeholder"></span>blog. Introduction My name is K...
New
CommunityNews
A Brief Review of the Minisforum V3 AMD Tablet. Update: I have created an awesome-minisforum-v3 GitHub repository to list information fo...
New
First poster: alvinkatojr
Over the last decade, we’ve seen great advancements in distributed systems, but the way we program them has seen few fundamental improvem...
New
First poster: chris.johan
Skype’s days appear to be numbered, as a hidden string in the latest Skype for Windows preview suggests Microsoft will shutter the servic...
New
First poster: alvinkatojr
About accelerationism, NRx, and the intersection of technology, religion, and philosophy: an analysis of the essential ideas in the new A...
New

Other popular topics Top

AstonJ
What chair do you have while working… and why? Is there a ‘best’ type of chair or working position for developers?
New
brentjanderson
Bought the Moonlander mechanical keyboard. Cherry Brown MX switches. Arms and wrists have been hurting enough that it’s time I did someth...
New
New
AstonJ
In case anyone else is wondering why Ruby 3 doesn’t show when you do asdf list-all ruby :man_facepalming: do this first: asdf plugin-upd...
New
DevotionGeo
The V Programming Language Simple language for building maintainable programs V is already mentioned couple of times in the forum, but I...
New
PragmaticBookshelf
Author Spotlight James Stanier @jstanier James Stanier, author of Effective Remote Work , discusses how to rethink the office as we e...
New
PragmaticBookshelf
Build efficient applications that exploit the unique benefits of a pure functional language, learning from an engineer who uses Haskell t...
New
First poster: joeb
The File System Access API with Origin Private File System. WebKit supports new API that makes it possible for web apps to create, open,...
New
PragmaticBookshelf
Author Spotlight Rebecca Skinner @RebeccaSkinner Welcome to our latest author spotlight, where we sit down with Rebecca Skinner, auth...
New
husaindevelop
Inside our android webview app, we are trying to paste the copied content from another app eg (notes) using navigator.clipboard.readtext ...
New