We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message

Group test: which web browser is most secure?

Chrome, Firefox, Safari, Opera and IE tested

All of the most popular browsers such as Chrome, Firefox, Internet Explorer, have different security advantages and shortcomings. We've put them through rigorous tests, to find out which is best for you.

Vulnerability announcements and attacks
How many vulnerabilities have been found and publicly announced against the browser product? Are the vulnerability counts going up or down as the vendor patches its browser? How severe have the vulnerabilities been? Do they allow full system compromise or denial of service? How many vulnerabilities are currently unpatched? What is the history of zero-day attacks against the vendor? How often is the vendor's browser targeted versus a competitor's product?

Browser security test
How did the browser fare against popularly available browser security test suites? In this review, all of the products passed the most well-known browser security tests located on the internet, so each item was further exposed to dozens of real-life malicious websites. Often the outcome was not pretty. I experienced frequent browser lockups, objectionable content, and sometimes complete system reboots.

Enterprise manageability features
It's generally easy to secure a favourite individual browser for personal use, but doing so for an entire business requires special tools. If the browser were selected for enterprise use, how easy is it to install, set, and manage secure configurations for every user?

How I tested

I downloaded the latest publicly available version of each browser (including beta products) and installed it on fully patched 32-bit versions of Windows Vista Enterprise SP1 and Windows XP Pro SP3. I reviewed all security settings and options and checked the vendor documentation for clarification. I then subjected each browser to numerous tests, including dozens of pre-defined tests made in the lab, internet-based test suites, and exposing the browsers to known-malicious websites.

The Internet-based test suites included several browser security test sites, such as scanit and Jason's Toolbox; several JavaScript, Java, and pop-up blocker testing sites; several cross-site scripting (XSS) testing websites; and several browser privacy test sites. I tested the security of the browsers' password handling using the Password Manager Evaluator and the security of cookie handling using the Gibson Research Corporation's Cookie Forensics. I tested Extended Validation certificates using links provided on the IIS7 site.

I surfed to dozens of sites known to contain live malware from several public and private malware site lists, including ShadowServer. I also visited dozens of known phishing websites, courtesy of PhishTank and similar referral sites. I used Process Explorer to monitor local processes and resources during install and ongoing operations. And I sniffed the browsers' network traffic using Microsoft Network Monitor Overview or Wireshark and examined the results for information leaks.

Finally, I also relied on public vulnerability testing for these evaluations, including Metasploit and milw0rm.com. Vulnerability statistics were taken from Secunia.com or CVE.

Additionally, each browser was used over a series of several weeks (or longer) to test general use, patching intervals, and other involved functionality.

Visit Security Advisor for the latest internet threat news, FREE net threat email newsletters, and internet security products

Visit Broadband Advisor for the latest internet news, reviews, tips & tricks - and to take advantage of PC Advisor's unique, independent Broadband Speed Tester

NEXT PAGE: The most secure browser

  1. We put Chrome, Firefox, Safari, Opera and IE through their paces
  2. Making a secure browser
  3. How to measure the security of a browser
  4. Vulnerability announcements and attacks
  5. The most secure browser
  6. Google Chrome and Mozilla Firefox
  7. IE8, Opera and Safari

IDG UK Sites

Best camera phone of 2015: iPhone 6 Plus vs LG G4 vs Galaxy S6 vs One M9 vs Nexus 6

IDG UK Sites

In defence of BlackBerrys

IDG UK Sites

Why we should reserve judgement on Apple ditching Helvetica in OS X/iOS for the Apple Watch's San...

IDG UK Sites

Retina 3.3GHz iMac 27in preview: Apple cuts £400 of price of Retina iMac with new model