Home Google Releases Browser Security Handbook

Google Releases Browser Security Handbook

Just before announcing that Chrome was taken out of beta last week, Google released a browser security handbook for Web developers that details the key security features of the main Web browsers.

Released under a Creative Commons 3.0 license, the document provides a comprehensive comparison of security features of the commonly used browsers; IE (version 6 and 7), Firefox (version 2 and 3), Safari, Opera, Chrome and the lesser known Android embedded browser.

Wanting to give the Web world a one-stop reference to security issues in browsers, author Michal Zalewski writes “Insufficient understanding of these often poorly-documented characteristics is a major contributing factor to the prevalence of several classes of security vulnerabilities.”

Browser security has been an ongoing problem over the years and was the first subject discussed during the browser wars panel at the Add-on conference last week. Earlier this year, Robert Hansen and Jeremiah Grossman uncovered an attack known as clickjacking, which gives an attacker the ability to trick a user into clicking where the attacker wants on a site. A good overview can be found on the Computerworld site, which has a clickjacking FAQ:

“In plain English, clickjacking lets hackers and scammers hide malicious stuff under the cover of the content on a legitimate site. You know what happens when a carjacker takes a car? Well, clickjacking is like that, except that the click is the car.”

Clickjacking is one of the issues covered in the security handbook which is divided into three sections:

  1. Basic concepts behind Web browsers with reviews of core standards and technologies behind current browsers and their security properties
  2. Standard browser security features details explicit security mechanisms and restrictions
  3. Experimental and legacy security mechanisms discusses security mechanisms that have either fallen into disuse or never caught on, as well as those yet to prove their worth.

The document appears to be an ongoing project; you can find more details here.

Image Credit: Thanks Darwin Bell

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.