Most Secure Browser: FF, Chrome, Edge?

Does anyone know how the security of Firefox 57.x now compares with Chrome (and Edge)? As I understand it, FF is starting to sandbox things, but I doubt it is up to the level of Chrome, especially now that you can enable strict site isolation in Chrome (with some caveats). According to Google, the Strict Site Isolation feature puts "even stronger security boundaries between websites than Chrome’s existing sandboxing technology." Apparently, Google introduced this feature in response to Microsoft introducing Windows Defender Application Guard (WDAG), which allows Edge to be run in an isolated hardware environment. "In October, Microsoft said that WDAG marked a major breakthrough in sandbox technology since it offers a shield against attacks on the kernel, which is unprotected if an attack escapes the browser sandbox."

I think hardware-based isolation would be the most secure, however, WDAG can only be enabled on Windows 10 Enterprise edition (fingers crossed it trickles down). So, it seems to me that Chrome is currently the most secure option that is widely available. Furthermore, with all of that new code in FF, security vulnerabilities are very likely.

 

Chrome is most secure, but not most privacy-minded.
IMHO Firefox is reasonably secure if updated fast enough. You could also add additional sandbox based on Sandboxie or at least run Firefox as different user.

 

I agree, Chrome is probably the most secure, but it's way to resource hungry and bare bones for me. Firefox protected with anti-exploit or whitelisting and sandboxing is good enough security, never had a problem with it. Of course, ad-blockers will also help a lot against browser exploitation.

 

I also believe that Chrome is the most secure browser, but I don't see why you say it's 'too resource hungry'. Is that just your observation or can you point to some browser comparison that substantiates your claim?

Happy 2018

 

I forgot to update this thread with the news that Windows 10 Professional will also be able to support WDAG in the upcoming Spring Creators Update. Assuming WDAG can only be enabled for Edge, I think that makes Edge more secure than Chrome, despite what the Chrome developers may say to the contrary. Unfortunately for me, I only have Windows 10 Home

 

I find this very subjective.
depends what sort of security you speak about.In terms of certificate security then firefox is much better and i personally would be more worried about a compromised financial site then some potential trojan dropping on my system.

 

Fair point, The Red Moon. That's why I periodically run RCC.exe.

 

Of course running Edge in a virtual machine that gets deleted on shutdown is more secure than Chrome could ever be without a similar feature. The question is if Microsoft will open up WDAG to other browsers or if they will keep this an Edge feature. Google seems to be against virtualization for security so even if Microsoft allows Chrome to use WDAG it's not certain they will use it in the first place.

 

Here's an interesting article on Medium.com by the engineering lead for Chrome security that predates Microsoft's announcement of WDAG: Securing Browsers Through Isolation Versus Mitigation

 

Although mixed with some marketing, this article has some good details on the pros and cons of Microsoft's approach: Browser Isolation with Microsoft Windows Defender Application Guard (WDAG): What It Does, How It Works and What It Means

 

Everyone knows that Chromium based browsers like Chrome, Opera and Vivaldi are way too heavy. Try to open 50 tabs and see what happens. Like I said, FF protected with third party sandbox and AE is strong enough security.

Thanks, will do some reading. And yes, M$ basically took this idea from Bromium.

 

Bromium rocks! I just wish it was available for personal use. It's mega $$$.

 

50 tabs?! ...I have never had a need for more than 6 tabs to be open at any one time so I don't notice any lack of performance.

 

I sometimes opened up to 30 tabs, but it was distracting, so I don't do that anymore. I try to open no more than 5 tabs.

 

Google Chrome most resilient against attacks, researchers find
https://www.helpnetsecurity.com/2017/09/19/google-chrome-most-resilient-against-attacks/

 

ah which bizarrely enough was sponsered by google lol

 

They are aware of it

 

To me, it is more frustrating that Firefox was not included in the analysis.

 

No surprises here that chrome comes out on top. And even though it's not perfect, the experimental strict site isolation feature under chrome://flags in the beta results in further security restrictions than before.

 

Hm, I wonder how this compares with Containers and First-Party Isolation in Firefox.

Containers not only provide privacy benefits but also improve security:

I'm using it with the Temporary Containers add-on which opens all tabs in temporary containers.

First-Party Isolation restricts cookies, cache and other data access to the domain level. It's an implementation of the Cross-Origin Identifier Unlinkability feature in the Tor browser.

 

As I have a network drive that can run Firefox (since it runs Linux) I should be able to run that and interact with it using an X windows client on Windows 10. However, for now I am using the latest firefox running inside Sandboxie. I think its important to use as few add-ons as possible to minimise the attack surface.

 

add ons are not the problem for attacks - there are plugins to attack and javascript flaws. addons should be kept current to avoid old an vulnerable code. "current" means not the latest build which may be in 2011 - minimal 2017 should be present as a date! too much people running old crap and think they are secure. firefox in sandboxie dont have many advantages. a decent security concept should run it live. but with a license you can gamble around with firefox options such as force cache, or force plugins, force downloads, force temp in the box. that wont have side effects like complete in the box. concerning profile - if some hit your profile inside there is really trouble outside.

 

@summerheat,

I can't comment on Firefox because I don't have nearly the understanding of its workings as that of Chromium. There is also, however, the fact chrome runs its renderers at untrusted integrity level, something which I don't see with FF, where "low" is the lowest IL it achieves with its processes. Anyway, too bad FF wasn't tested; I'd be interested to see how it fares.

 

Ah, yes - on Windows. Well, I'm not worried since I'm running Linux. Don't you run it anymore?

 

On Linux Chrome/Chromium is also sandboxed and renderer processes have dropped privileges. It only uses other Linux kernel features to do that (IIRC seccomp and others).