Most Secure Browser: FF, Chrome, Edge?

Seems like M$ has just made Edge less secure:

https://blogs.windows.com/msedgedev...-capture-to-microsoft-edge-media-capture-api/

 

From the Chromium folks...

Post-Spectre Threat Model Re-Think

In light of Spectre/Meltdown, we needed to re-think our threat model and defenses for Chrome renderer processes. Spectre is a new class of hardware side-channel attack that affects (among many other targets) web browsers. This document describes the impact of these side-channel attacks and our approach to mitigating them.

 

I would not use it since George Soros has been hooked up with them since last year.

 

Trooper, what, who, where?
Mrk

 

Uh... so?

 

I've been using Chrome and Sandboxie for years but I'm just about done with this browser because of Chrome's insidious Software Reporter Tool. It's supposed to look for undesirable software that can conflict with Chrome but it's WAY too invasive, IMO.

Today I had Chrome sandboxed and I was using a screen writing program unsandboxed. Suddenly, the Software Reporter Tool kicked in. I could tell because my PC fans suddenly ramped up. Checking task manager confirmed it. I had three instances of the Software Reporter Tool suckling away at my CPU. The part that worries me is that my external hard drive (which I use to store my screen writing files) was powered down. But when the Software Reporter Tool started up my external hard drive (which is blocked in Sandboxie Control) kicked in like it was being accessed. There are other Windows events that can cause the usb drive to come out of sleep so it's probably nothing but it's still very troublesome.

The scary thing is I deleted the SwReporter folder and it still didn't stop it from running. Ending it in task manager did. I've also changed the permissions of the SwReporter folder and that didn't stop it either. The only thing that can stop it is to add *\SwReporter* in Sandboxie's resource access / file access / blocked access. I can confirm that it does work.

So I'm thinking about switching to Firefox but now I find out that there's a bug with security.sandbox.content.level value having to be lowered for it to work properly. Grrr!

 

As far as I know, not any more, since Sandboxie v5.25.4 beta: https://www.wilderssecurity.com/threads/sandboxie-acquired-by-invincea.357312/page-184#post-2757540

 

Ah, cool. Good to know. Thanks.

 

Perhaps, you could consider using another Chromium-based browser. There are several out there, and other than not updating as fast as Chrome, they should support the strict site isolation feature. And, as an added bonus, they shouldn't phone home to Google.

 

iFrame clickjacking countermeasures appear in Chrome source code. And it only took *checks calendar* three years

https://www.theregister.co.uk/2019/08/19/clickjacking_countermeasures_chrome/

 

technically i think i have understood - dynamically moving iframes, either direct by css or javascript injecting css by event.
basically iframes are not allowed here (ublock/umatrix) but i could also hit me when the source page was hacked/infected.

 

Google Chrome 77 Added New Site Isolation Security Features
https://www.bleepingcomputer.com/news/google/google-chrome-77-added-new-site-isolation-security-features/

 

Meanwhile, Firefox hasn't added this feature at all. I'm hoping they will soon, however.

 

They are doing that! It's done under the Project Fission. More details and links here. You can already enable it in the nightlies. More info on this site.

 

I dont have favorit, dont trust them all.... restric access and izolate from rest (+ monitor actvity with HIPS or similar)

 

Dear Fizbin (or anyone) -- I've been down this road too, but I'm very glad to see your solution through Sandboxie, previously unknown to me, which I will try immediately!

I had been using Chrome in Sandboxie as a means of using those many sites that don't work right in Firefox, at least with NoScript! installed. (For example, any site that requires CAPTCHA will not run on my Firefox setup.) But now, every time I use Chrome, my computer gets bogged down with its "Software Reporter Tool," which is apparently also an excuse for Google to snoop into your computer.

Obviously I'm using Firefox now as my primary browser, but I was about to remove Chrome and search for an alternative. I came hear first to see if there was a solution through Sandboxie. Thanks for this tip! -- jclarkw

 

I haven't needed to solve any CAPTCHA's in a long time, but most of the time (just about every time) in the past when I had one, all that was needed was to allow google.com. So, next time you get a CAPTCHA, if google.com appears in the NoScript menu, allow it temporarily.

Bo

 

Usually/Regularly, I'm getting those CAPTCHA requests while using any VPN add-on/proxy with ANY browser. And, probably, 100% of those Captchas are required by Google; therefore, I've started using (not as good) Bing, but NO CAPTCHAS.
LOL.

 

Use duckduckgo?

 

Yes, duckduckgo is also a good candidate.

 

With the addition of site isolation and RLBox sandboxing, is Firefox 95 close to achieving security parity with Chrome?

 

I doubt it. There is still no counterpart to the Chromium sandbox on Android from what I can tell.

 

when implementing rlbox mozilla made a real big jump in comparison to google. David succeded again vs goliath
(nice done for a very small team in comparison to googles big machinery)

 

Finding there are performance issues for me while using firefox..Slimjet is running quite smoothly though.