Browser Security

[mubs]

How good a firewall does a browser maintain between tabs? If a tab has a website open, is it safe to perform sensitive transactions in another tab, or better to close all tabs other than the sensitive one? Corollary is security between multiple instances of the same browser.

 

[timwhit]

Depends on what browser. Chrome tabs are sandboxed, but several tabs can share one sandbox and if you have multiple tabs opened with the same domain they will share data such as local storage and cookies. This is how you can login to a website in one tab and open multiple tabs and remain logged in on all of them. Cookies and local storage can't be read by other domains though. If there was a security hole here you would hear about it.

Opening an incognito window in Chrome is probably the safest way to perform sensitive transactions, but I don't worry about it.

 

[Bozo]

Isn't " Browser Security" an oxymoron?

 

[LunarMist]

The whole damned internet insecure and so are the bowsers. You need plausible deniability!

 

[mubs]

Thanks Tim.

Yes Bozo, it is! What other choice do we have?

 

[Mercutio]

All of the major browser except Mozilla-derived ones offer sandboxed tabs, but I think I'd rather have Moz's capability for scripting controls via addons than accept Chrome or Edge's baseline security model. Out of the box Firefox is basically swiss cheese as far as security, but I'd never use it that way.

In my experience, Chrome is still much more likely to be attacked as well since it's the most common browser at this point. All the annoyance that I once had about IE is more or less transferred to Chrome at this point, given how often I have to clean it up. A particular annoyance is the ease with which users can remove addons, which means that I get people who completely remove their ad and script blockers from Chrome because one web site (say, Forbes.com) told them they had to.

 

[mubs]

Over the last year or so, Chrome has become my favorite browser; it's so much faster then FF (for my needs; I never have 3m tabs open), creates PDFs of the web page perfectly which FF never does, etc.

Once Adblock & Flashblock are installer, plus Ghostery, is Chrome still unsafe? I though Google was always at the forefront of keeping the web safe?

 

[Mercutio]

I don't really think that it is, based on the number of Chrome installs I still have to clean.

 

[mubs]

So what add-ons would make FF safe? Flashblock, Adblock, Better Privacy and Ghostery are what I have. Noscript as well? Any others?

 

[Mercutio]

If you want to be safe, I think Noscript + RequestPolicy + whatever decent ad blocker with a good set of subscriptions is the best way to do it. Some people say uMatrix (and is available for Chrome) is better but I find it far too fiddly even compared to Noscript.

 

[mubs]

Thanks much!

 

[Handruin]

I'm not sure if this addresses your concerns entirely but check out this passage on an experimental new feature in future Firefox releases called Containers. It seems to focus on a concern you've brought up regarding webpage intercommunication within a single context of a running browser.

 

[mubs]

Interesting; thanks Handy! I'm amazed thar features like this have taken so long to evolve. I'd think after Interner Ver 1. (Netscape era) this would have become common.