A new study has concluded that Google Chrome exceeds Firefox and Internet Explorer on the security front. A feat that is largely due to Chrome’s sandboxing and plug-in security.
Ars Technica is reporting that the study – which was conducted by security vendor, Accuvant Labs – was paid for by Google itself. While this has raised suspicion in some quarters, Accuvant apparently insists that Google gave it “a clear directive to provide readers with an objective understanding of relative browser security” and that the conclusions in the paper “are those of Accuvant Labs, based on our independent data collection.” The supporting data is available for scrutiny as a separate download.
Accuvant focused only on Chrome, IE and Firefox, excluding Safari and others to save time. In addition, browsers were only tested on Windows 7, 32-bit edition and the research itself was done in July, meaning the report excludes newer versions of Chrome and Firefox, which have more rapid release cycles than Internet Explorer.
The below chart summarizing Accuvant’s conclusions shows Google’s sandboxing and plug-in security to exceed that of Internet Explorer, and that Google at least matches Firefox and IE in other types of security. In the chart, DEP refers to data execution prevention, GS is a compiler switch used to prevent buffer overflows, ASLR stands for Address Space Layout Randomization, and JIT stands for “just in time” compilation, which is used to improve runtime performance.