Is Firefox or Chrome the more secure web browser? I know there have been some recent changes and additions with both browsers, so with the latest developments in mind, what's the better option?
Browsers are most people's windows to the digital world, and browser vendors constantly strive to make them faster and safer in order to maintain or capture market share. There will always be a debate about which is the best or most secure browser, with proponents of each marque convinced their favorite is number one. It can be difficult to find completely unbiased research or statistics on how secure a particular browser is compared to its rivals; a lot of research into browser security is sponsored by a particular vendor, which invariably comes out as the winner. For example, a Google-funded study of browser security in 2011 found Google Chrome to be the most secure web browser against attack and ranked Firefox below Internet Explorer, while in 2013, NSS Labs reported that Internet Explorer 10 users were far less likely to suffer malware infections while web browsing, but the test parameters seemed biased toward Microsoft's SmartScreen technology.
Browserscope, a community-driven project for profiling web browsers, ranks Chrome as a more secure web browser than Firefox, but this is based only on certain types of attack vectors. The Vulnerability Review 2016 by Flexera Software reports that 1,114 new vulnerabilities were discovered in the five most popular browsers in 2015, the majority being rated as highly critical. Chrome had 516 vulnerabilities compared to Firefox's 254. This isn't surprising, as Firefox has a more mature codebase, along with an active open source developer community. There were slightly more Firefox users who remained unpatched, though this may well be due to Firefox being installed as a second browser and used far less regularly. Certainly most surveys, NetMarketShare and StatCounter for example, put Chrome well ahead of Firefox in terms of numbers of users.
Numbers and stats aside, the security differences in the top browsers are fairly minimal; Chrome and Firefox both use Google's Safe Browsing API to detect potentially dangerous sites. When new features are introduced by one vendor, they tend to be quickly emulated by the others, although it will be interesting to see whether they emulate Opera, which has introduced a free VPN tool as standard, with unlimited VPN data. Firefox and Chrome extensions can provide additional security, though the nontechnical user may not be aware of them or understand how best to use them. Although both browsers offer a private session option, which prevents the storage of history, temporary internet files and cookies, users who are concerned about privacy may prefer Firefox as it's fully open source and developed by the Mozilla Foundation, whereas Chrome is closed source software developed by Google, whose business model relies on profiling people's browsing habits and preferences.
The other key component of a secure web browser is the user. Whichever browser someone chooses, there's a limit to the protection it can provide if they don't follow safe browsing habits. The Internet Safety Project is just one of many resources on the web that provide advice on how to use the internet safely. Keeping browser and other computer software up to date is also extremely important to remain safe while online.
Ask the Expert: Want to ask Michael Cobb a question about application security? Submit your questions now via email. (All questions are anonymous.)