Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 17
Like Tree2Likes
This link reports on the most vulnerable software packages of 2013. As you might expect, Internet Explorer tops the list, followed by Java. But surprisingly Chrome comes third. I know ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Linux Engineer hazel's Avatar
    Join Date
    May 2004
    Location
    Harrow, UK
    Posts
    1,277

    A warning about Chrome


    This link reports on the most vulnerable software packages of 2013.

    As you might expect, Internet Explorer tops the list, followed by Java. But surprisingly Chrome comes third. I know quite a few people here use it, so you might want to read further.
    "I'm just a little old lady; don't try to dazzle me with jargon!"
    www.hrussman.entadsl.com

  2. #2
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    949
    I went back to Firefox about a year ago, Chrome was getting to flaky and slow especially the Mac version, with this even more reasons to not use it. I think Google is trying to move to fast these days and that's when things get sloppy.

  3. #3
    Linux Enthusiast cousinlucky's Avatar
    Join Date
    Dec 2005
    Location
    New York City
    Posts
    676
    Thanks Hazel!! With all of the vast Linux distros being created I wonder why there have not been a lot of very secure browsers created for Linux users?
    PCLinuxOS Gnome and PCLinuxOS Mate
    Linux user # 414321
    You Should Not Give In To Evils, But Proceed Ever More Boldly Against Them!! -from book six of Virgil's Aeneid
    Everything Within The Universe Is Related; We Are All Cousins!!

  4. $spacer_open
    $spacer_close
  5. #4
    Linux Enthusiast cousinlucky's Avatar
    Join Date
    Dec 2005
    Location
    New York City
    Posts
    676

    There are many companies whose sole goal is hacking software and such.

    Take Vupen, a French company that offers a regularly updated catalogue of global computer vulnerabilities for an annual subscription of $100,000. If you see something that you like, you pay extra to get the details that would allow you to hack into it. A Vupen brochure released by Wikileaks in 2011 assured potential clients that the company aims “to deliver exclusive exploit codes for undisclosed vulnerabilities” for “covertly attacking and gaining access to remote computer systems.”

    At a Google sponsored event in Vancouver in 2012, Vupen hackers demonstrated that they could hijack a computer via Google’s Chrome web browser. But they refused to hand over details to the company, mocking Google publicly. “We wouldn’t share this with Google for even $1 million,” Chaouki Bekrar of Vupen boasted to Forbes magazine. “We don’t want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers.”

    From The wild west of surveillance by Pratap Chatterjee
    PCLinuxOS Gnome and PCLinuxOS Mate
    Linux user # 414321
    You Should Not Give In To Evils, But Proceed Ever More Boldly Against Them!! -from book six of Virgil's Aeneid
    Everything Within The Universe Is Related; We Are All Cousins!!

  6. #5
    Linux Enthusiast sgosnell's Avatar
    Join Date
    Oct 2010
    Location
    Baja Oklahoma
    Posts
    507
    If you read the original report, Firefox is very close behind Chrome, with little real difference in the numbers. It's only a matter of degree, a few percentage points difference, if that.

  7. #6
    Linux Enthusiast cousinlucky's Avatar
    Join Date
    Dec 2005
    Location
    New York City
    Posts
    676
    All the more reason more secure browsers are needed. I always felt better using the Konqueror browser; I wonder how vulnerable it is?
    PCLinuxOS Gnome and PCLinuxOS Mate
    Linux user # 414321
    You Should Not Give In To Evils, But Proceed Ever More Boldly Against Them!! -from book six of Virgil's Aeneid
    Everything Within The Universe Is Related; We Are All Cousins!!

  8. #7
    Linux Enthusiast sgosnell's Avatar
    Join Date
    Oct 2010
    Location
    Baja Oklahoma
    Posts
    507
    Konqueror is old, and therefore likely rather vulnerable. There is no such thing as a secure browser, never has been, never will be. First, users want more features, and more features means more ways to introduce exploits. Second, older browsers with fewer features tend to stop being supported and updated, thus the exploits found for them aren't patched. Newer browsers like Chrome and Firefox have lots of features, but they are actively updated, and as exploits are found, they are patched against. It's always an escalating arms race, and all one can do is hope the good guys stay on top of things. Or else just give up and turn off the interwebtubez.

  9. #8
    Linux Engineer docbop's Avatar
    Join Date
    Nov 2009
    Location
    Woodshed, CA
    Posts
    949
    I think a more secure browser is going to be tough, the role of the browser has grown so big, look at Firefox now has Firefox OS. Like an OS a browser is supporting multiple languages, plug-in's, add-on's, levels of security, and on and on. Computing has come full circle from the glass tube termial connecting to the mainframe to today the browser in now the terminal connecting to servers both local and in the cloud. So browser now are huge projects.

    The problem is as software becomes bigger the test matrix become unachievable to complete before release (if ever) so many things don't get tested till in real world use.

    <off soapbox>

  10. #9
    Linux User IsaacKuo's Avatar
    Join Date
    Feb 2005
    Location
    Baton Rouge, LA, USA
    Posts
    406
    You could hack together more browser security by running them in virtual machines--only going to one particular site for each virtual machine. Software developers could, in principle, do more compartmentalization to reduce the scope of vulnerabilities.

    But I agree that our current web browsers are too big and complex for our own good. A dumb terminal would actually be very useful and far easier to secure. And performance would be much better also, and it would require less RAM and CPU. The problem with the web browser is that it's a hack on top of a hack on top of a hack, developed originally to display paragraphs of text with inline pictures on any width the end user chooses (width of browser window). It's an absolutely horrible horrible horrible beast to fight with in order to produce an interactive web page with any sort of design elements...much less an interactive web app.

    What's really needed is a complete paradigm shift toward a "dumb terminal" interface. Forget the legacy of html and CSS. The real future is the lightweight app. You'd still have a locally running javascript layer between the GUI and the server, for performance reasons (and running offline), but the actual GUI components could be vastly simplified by requiring the javascript layer to simply give it dumb "paint" commands to put stuff on screen and receive dumb touch/drag "event" commands from the user.

    Thus, it's a dumb terminal connecting to a local "mini-server" running javascript in a locked down sandbox (like a miniature virtual machine). This "mini-server" connects to the remote web server.
    jayd512 likes this.
    Isaac Kuo, ICQ 29055726 or Yahoo mechdan

  11. #10
    Linux User nihili's Avatar
    Join Date
    Dec 2013
    Posts
    346
    thanks for the insight, isaackuo.
    i, too, think it's a historical load mostly, and browsers being used for so many things...
    my personal solution is to use as many seperate applications as possible to connect to the internet (media player, youtube downloader, mail client...) which i use only when needed and are controlled easier.
    a regularly updated large hosts file, and for my browser: no cookies by default, no search suggestions, no scripts.
    then i start allowing scripts on a per-site basis.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •