A web browser is a software application which enables a user to display and interact with text, images, videos, music, games and other information typically located on an Internet website.

From a security perspective, there are two potential problems to need to defend against, while still allowing the user to access useful information, any web browser can be used to (unintentionally) install malware.

Some fraudulent web sites trick the user into downloading and installing a trojan, a keylogger[1], or other malware, and some web sites exploit a vulnerability in some web browsers, directly downloading and installing malware without the user doing anything.

A web browser can also gain private information over the user.

Internet Explorer

Internet Explorer has had so many vulnerabilities that Bruce Schneier, David A. Wheeler, and other security experts recommend switching to a different web browser[2][3][4].

Mozilla Firefox and Google Chrome

Mozilla Firefox/Google Chrome users are starting to get targeted by malware writers because of an increasing market share.[5] The malware, which BitDefender dubbed "Trojan.PWS.ChromeInject.A" sits in your add-ons folder which runs when it is started. The malware uses JavaScript to identify more than 100 financial and money transfer Web sites, including Barclays, Wachovia, Bank of America, and PayPal along with two dozen or so Italian and Spanish banks. When it recognizes a Web site, it will collect logins and passwords, forwarding that information to a server in Russia.[5] When it runs on a PC, it registers itself in the system files as "Greasemonkey," a well-known collection of scripts that add extra functionality to Web pages rendered by Firefox.[5]


Most browsers provide a "sandbox" to allow a program to run without access to the rest of the computer. Included in most browsers is a sandbox for Java applets and another sandbox for JavaScript applets. Many users also choose to download the Adobe Flash plugin that includes a sandbox for Adobe Flash animations, and the Microsoft Silverlight plugin that includes a sandbox for Silverlight applications.


External links

Community content is available under CC-BY-SA unless otherwise noted.