Top Five Vulnerabilities Attackers Use Against Browsers

Email     |     Share  
1 | 2 | 3 | 4 | 5 | 6 | 7
Next Top Five Vulnerabilities Attackers Use Against Browsers-2 Next

Code execution exploits in the browser

This is the most egregious type, and also the rarest. Occasionally attackers will discover a vulnerability in the browser itself that allows execution of arbitrary binary code when a user simply visits a compromised site. Browsers are complex pieces of machinery with many subsystems (HTML rendering, JavaScript engine, CSS parser, image parsers, etc.), and a small coding mistake in any of these systems could offer malicious code just enough of a foothold to get running. From there, the malicious code has lots of options – downloading other malicious packages, stealing sensitive data and sending it to servers abroad, or silently waiting for further instructions from the attacker. The attacker doesn't even have to compromise a legitimate site to host such an attack – advertising networks have been used to distribute malicious code on otherwise secure sites.

Ways to avoid: Turn on automatic updates in Windows and in your browser of choice. This type of vulnerability is usually quickly patched by the browser or OS vendor, and so attackers have a very short window in which to use it against fully updated systems. You're probably not the target that they're going to use this rare and valuable zero-day against.

Web browsers are the primary target for many attackers these days, because so much sensitive data passes through them. From casual shopping to enterprise management systems to military operations, browsers have become the primary vehicle people use to access network-connected systems. Unfortunately, browsers have a long and storied history of vulnerabilities that have provided attackers with a lucrative and near-endless supply of victims upon which to prey. Quarri Technologies, Inc., a Web information security software company, has identified some of the top vulnerabilities attackers use against browsers.

Note: This slideshow is focused on browser vulnerabilities, not website vulnerabilities (SQL injection attacks, XSS, XSRF, et al). The distinction is subtle but important.


Related Topics : Unisys, Stimulus Package, Security Breaches, Symantec, Electronic Surveillance

More Slideshows

Social14-190x128.jpg 10 Ways to Improve Your Social Media Security Policy and Posture

When phone calls, video conference information, pictures, chat logs, etc. are all stored in a central location via social media, a potential hacker has access to just about everything, quickly and easily. ...  More >>

Security120-290x195 5 DDoS Myths Debunked

Unearth the real story behind five commonly held myths about distributed denial-of-service attacks. ...  More >>

Security119-190x128 8 Tips for Ensuring Employee Security Compliance

IT security ultimately depends on making sure employees use the appropriate tools and comply with policies designed to protect them and their data/applications. ...  More >>

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.