Browser security\u00c2\u00a0is the application of\u00c2\u00a0Internet security\u00c2\u00a0to\u00c2\u00a0web browsers\u00c2\u00a0in order to protect\u00c2\u00a0networked\u00c2\u00a0data and\u00c2\u00a0computer systems\u00c2\u00a0from breaches of privacy or\u00c2\u00a0malware. Security exploits of\u00c2\u00a0browsers\u00c2\u00a0often use\u00c2\u00a0JavaScript\u00c2\u00a0\u00e2\u20ac\u201d sometimes with\u00c2\u00a0cross-site scripting\u00c2\u00a0(XSS) \u00e2\u20ac\u201d sometimes with a secondary payload using\u00c2\u00a0Adobe Flash.\u00c2\u00a0Security exploits can also take advantage of\u00c2\u00a0vulnerabilities\u00c2\u00a0(security holes) that are commonly exploited in all\u00c2\u00a0browsers\u00c2\u00a0(including\u00c2\u00a0Mozilla Firefox,\u00c2\u00a0Google Chrome,\u00c2\u00a0Opera,\u00c2\u00a0Microsoft Internet Explorer and\u00c2\u00a0Safari.<\/p>\n
Web browsers can be breached in one or more of the following ways:<\/p>\n
The browser may not be aware of any of the breaches above and may show user a safe connection is made.<\/p>\n
Whenever a browser communicates with a website, the website, as part of that communication, collects some information about the browser (in order to process the formatting of the page to be delivered, if nothing else).\u00c2\u00a0If malicious code has been inserted into the website’s content, or in a worst-case scenario, if that website has been specifically designed to host malicious code, then vulnerabilities specific to a particular browser can allow this malicious code to run processes within the browser application in unintended ways (and remember, one of the bits of information that a website collects from a browser communication is the browser’s identity- allowing specific vulnerabilities to be exploited).<\/p>\n
Once an attacker is able to run processes on the visitor’s machine, then exploiting known security vulnerabilities can allow the attacker to gain privileged access (if the browser isn’t already running with privileged access) to the “infected” system in order to perform an even greater variety of malicious processes and activities on the machine or even the victim’s whole network.<\/p>\n
Breaches of web browser security are usually for the purpose of bypassing protections to display\u00c2\u00a0pop-up advertising\u00c2\u00a0collecting\u00c2\u00a0personally identifiable information\u00c2\u00a0(PII) for either\u00c2\u00a0Internet marketing\u00c2\u00a0or\u00c2\u00a0identity theft,\u00c2\u00a0website tracking\u00c2\u00a0or\u00c2\u00a0web analytics\u00c2\u00a0about a user against their will using tools such as\u00c2\u00a0web bugs,\u00c2\u00a0Clickjacking,\u00c2\u00a0Likejacking\u00c2\u00a0(where\u00c2\u00a0Facebook’s\u00c2\u00a0like button\u00c2\u00a0is targeted),\u00c2\u00a0HTTP cookies,\u00c2\u00a0zombie cookies\u00c2\u00a0or\u00c2\u00a0Flash cookies\u00c2\u00a0(Local Shared Objects or LSOs);\u00c2\u00a0installing\u00c2\u00a0adware,\u00c2\u00a0viruses,\u00c2\u00a0spyware\u00c2\u00a0such as\u00c2\u00a0Trojan horses\u00c2\u00a0(to gain access to users’\u00c2\u00a0personal computers\u00c2\u00a0via\u00c2\u00a0cracking) or other\u00c2\u00a0malware\u00c2\u00a0including\u00c2\u00a0online banking\u00c2\u00a0theft using\u00c2\u00a0man-in-the-browser\u00c2\u00a0attacks.<\/p>\n
Vulnerabilities in the web browser software itself can be minimized by keeping browser software updated,\u00c2\u00a0but will not be sufficient if the underlying operating system is compromised, for example, by a rootkit.\u00c2\u00a0Some sub-components of browsers such as scripting, add-ons, and cookies\u00c2\u00a0are particularly vulnerable (“the\u00c2\u00a0confused deputy problem”) and also need to be addressed.<\/p>\n
The above is a brief about Browser Security. Watch this space for more updates on the latest trends in Technology.<\/p>\n","protected":false},"excerpt":{"rendered":"
Browser security\u00c2\u00a0is the application of\u00c2\u00a0Internet<\/p>\n","protected":false},"author":1,"featured_media":1369,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[189,823,7],"tags":[190,824,18],"class_list":["post-1368","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-browser-security","category-internet-security","category-techtrends","tag-browser-security","tag-internet-security","tag-technology"],"_links":{"self":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1368","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/comments?post=1368"}],"version-history":[{"count":1,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1368\/revisions"}],"predecessor-version":[{"id":1370,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/posts\/1368\/revisions\/1370"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/media\/1369"}],"wp:attachment":[{"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/media?parent=1368"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/categories?post=1368"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.amt.in\/index.php\/wp-json\/wp\/v2\/tags?post=1368"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}