When viruses, Trojans and their ilk were introduced, the most popular way to infect machines was via e-mail. As recently as 10 years back, awareness about information security was abysmally low, and cyber criminals exploited this lack of knowledge to their advantage. The introduction of antivirus software reduced this threat substantially. Companies took cognizance of cyber threats and made efforts to neutralize them. Cyber criminals then turned to a more direct route to compromise information security. While most companies take adequate precautions to protect their e-mail, the same cannot be said about browsing websites. In most organizations, users need to access different websites in order to get information / data. Cyber miscreants exploit the vulnerabilities in these browsers to gain access without the victim's knowledge.
Web browsers are software applications that are used to access information from the World Wide Web. As the popularity of smartphones grows, the use of web browsers has increased too. Over the years, leading companies that offer web browsers (Chrome, Firefox, Internet Explorer and Opera, to name a few) have enhanced the functionality of their web browsers. The earlier browsers could only parse HTML and plain text (WorldWideWeb) and images (Mosaic); modern browsers need to display videos, understand JavaScript / AJAX and handle other complex file formats / protocols. Naturally, as the complexity of browsers increases, so do the cyber security threats. These security vulnerabilities are targeted by miscreants and criminals.
What are Browsers?
A web browser is the software that millions of users and their devices use to navigate and retrieve information from the World Wide Web. Browsers are intermediary applications that use many protocols to let users not only view and scroll text, but also view images and videos, listen to audio, and jump between pages / websites using hyperlinks.
Working of a Browser
Before we talk about browser vulnerabilities, let us first see how a browser works.
All the leading browsers implement their own architecture. For example, Internet Explorer has a modular architecture that enables the reuse of its components and lets developers enhance and extend the browser's performance. The Mozilla Firefox layout engine is called Gecko. Gecko is a browser engine as well as a rendering engine, and it talks to other components such as the HTML parser, the XML parser, the JavaScript interpreter and Necko (a network component consisting of networking libraries responsible for all network communication, security and the representation of different data formats).
Irrespective of their architecture, any modern browser essentially consists of three main parts:
- The controller: As the name implies, the controller handles the various components of the browser. It takes input from the keyboard or mouse and uses the client programs to access the document. It then uses one of the interpreters to display the document on the screen. It typically uses HTTP for this, though a client program like telnet or FTP can also be used.
- Client Program: The client acts as an intermediary between the client and the server. It initiates a transaction by sending a request message to the server; the server replies by sending a response.
- HTML Interpreter: The main task of the interpreter is to take a web document (HTML, JavaScript, mp3, etc.) as input and produce a fully formatted page for display in the browser’s frontend.
It is worthwhile to remember that the more complex the code, the greater the chance of a browser being vulnerable. Add third-party plug-ins to this, and the scope for cyber security threats increases manifold.
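The three-part split and the attack-surface point above, as an added sketch that is not code from any real browser: a client program parses a response, the controller picks an interpreter from the declared content type, and registering a plug-in makes one more parser reachable by remote content. The function names, the `application/x-example-plugin` type and both sample responses are constructed assumptions.

```javascript
// Added example: toy model of the controller / client program / interpreter split.
// Every name, type and sample response here is constructed for illustration.

// Client program: parse a raw HTTP response (constructed sample, no network I/O).
function parseResponse(raw) {
  const sep = raw.indexOf("\r\n\r\n");
  if (sep === -1) throw new Error("malformed response: no header terminator");
  const [statusLine, ...headerLines] = raw.slice(0, sep).split("\r\n");
  const m = /^HTTP\/\d\.\d (\d{3})/.exec(statusLine);
  if (!m) throw new Error("malformed status line");
  const headers = Object.create(null); // no inherited keys
  for (const line of headerLines) {
    const i = line.indexOf(":");
    if (i > 0) headers[line.slice(0, i).trim().toLowerCase()] = line.slice(i + 1).trim();
  }
  return { status: Number(m[1]), headers, body: raw.slice(sep + 4) };
}

// Interpreters: each entry is a parser that untrusted remote content can reach.
function makeInterpreters() {
  return new Map([
    ["text/html", (body) => `html(${body.length})`],
    ["text/plain", (body) => `text(${body.length})`],
  ]);
}

// Controller: choose the interpreter from the declared type; refuse anything else.
function render(raw, interpreters) {
  const res = parseResponse(raw);
  const type = (res.headers["content-type"] || "").split(";")[0].trim().toLowerCase();
  const handler = interpreters.get(type);
  if (!handler) return { rendered: false, reason: `no interpreter for '${type}'` };
  return { rendered: true, type, output: handler(res.body) };
}

const SAMPLE_HTML =
  "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n<p>hi</p>";
const SAMPLE_PLUGIN =
  "HTTP/1.1 200 OK\r\nContent-Type: application/x-example-plugin\r\n\r\nPLUGINDATA";

const core = makeInterpreters();
const withPlugin = makeInterpreters();
// Hypothetical third-party plug-in registering its own content type.
withPlugin.set("application/x-example-plugin", (body) => `plugin(${body.length})`);

console.log(render(SAMPLE_HTML, core));
console.log(render(SAMPLE_PLUGIN, core));       // refused, nothing parses it
console.log(render(SAMPLE_PLUGIN, withPlugin)); // same bytes now reach plug-in code
console.log([...withPlugin.keys()]);            // content types remote data can reach
```

The key list printed last is the inventory worth reviewing on a managed machine: every content type in it is a parser that a remote server can feed.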
Most browser companies have independent cyber security / information security teams that try to assess vulnerabilities internally and plug them before any miscreant exploits them with malicious intent. Some of these security flaws could also be exploited to allow individuals to remotely compromise the device on which the browser runs. In essence, what this means is that the hacker can get access to sensitive information on the device that the browser uses.
In the second part, we will discuss more browser vulnerabilities that occur due to coding lacunae.