Browser Security

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
How good a firewall does a browser maintain between tabs? If a tab has a website open, is it safe to perform sensitive transactions in another tab, or better to close all tabs other than the sensitive one? Corollary is security between multiple instances of the same browser.
 

timwhit

Hairy Aussie
Joined
Jan 23, 2002
Messages
5,278
Location
Chicago, IL
Depends on what browser. Chrome tabs are sandboxed, but several tabs can share one sandbox and if you have multiple tabs opened with the same domain they will share data such as local storage and cookies. This is how you can login to a website in one tab and open multiple tabs and remain logged in on all of them. Cookies and local storage can't be read by other domains though. If there was a security hole here you would hear about it.

Opening an incognito window in Chrome is probably the safest way to perform sensitive transactions, but I don't worry about it.
 

LunarMist

I can't believe I'm a Fixture
Joined
Feb 1, 2003
Messages
17,497
Location
USA
The whole damned internet insecure and so are the bowsers. You need plausible deniability!
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
All of the major browser except Mozilla-derived ones offer sandboxed tabs, but I think I'd rather have Moz's capability for scripting controls via addons than accept Chrome or Edge's baseline security model. Out of the box Firefox is basically swiss cheese as far as security, but I'd never use it that way.

In my experience, Chrome is still much more likely to be attacked as well since it's the most common browser at this point. All the annoyance that I once had about IE is more or less transferred to Chrome at this point, given how often I have to clean it up. A particular annoyance is the ease with which users can remove addons, which means that I get people who completely remove their ad and script blockers from Chrome because one web site (say, Forbes.com) told them they had to.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
:(

Over the last year or so, Chrome has become my favorite browser; it's so much faster then FF (for my needs; I never have 3m tabs open), creates PDFs of the web page perfectly which FF never does, etc.

Once Adblock & Flashblock are installer, plus Ghostery, is Chrome still unsafe? I though Google was always at the forefront of keeping the web safe?
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
So what add-ons would make FF safe? Flashblock, Adblock, Better Privacy and Ghostery are what I have. Noscript as well? Any others?
 

Mercutio

Fatwah on Western Digital
Joined
Jan 17, 2002
Messages
22,303
Location
I am omnipresent
If you want to be safe, I think Noscript + RequestPolicy + whatever decent ad blocker with a good set of subscriptions is the best way to do it. Some people say uMatrix (and is available for Chrome) is better but I find it far too fiddly even compared to Noscript.
 

mubs

Storage? I am Storage!
Joined
Nov 22, 2002
Messages
4,908
Location
Somewhere in time.
Interesting; thanks Handy! I'm amazed thar features like this have taken so long to evolve. I'd think after Interner Ver 1. (Netscape era) this would have become common.
 
Top