dagger01

About

Username
dagger01
Joined
Visits
3
Last Active
Roles
member
Points
9
Badges
0
Posts
9
  • Google Chrome is the most vulnerable browser in 2022

    This is an absurd interpretation of the data. Having the most vulnerabilities listed in a database does not make Google Chrome "the most vulnerable".  Is Opera the most secure due to its lack of reported vulnerabilities? 

    Google has the most listed because it's by far the most popular browser and its vulnerabilities are worth quite a bit. (both by reporting them to Google for a bounty and on shady blackhat markets). Google also has a much more transparent vulnerability reporting process. Vulns reported to them privately usually still get listed but Safari vulns reported privately to Apple generally due not unless the security researcher does it themselves.  Also the vast majority of these vulnerabilities do not bypass the multiple layers of sandboxing employed. This is true for both Safari, Chrome, Firefox, etc.  So alone most of the these vulnerabilities can't be used to exploit someone.

    All that said, I do think Safari's security is likely superior to Chrome's but not because it has fewer vulnerabilities listed. Safari lags behind Chrome significantly in implementing new more powerful web APIs and this greatly reduces the attack surface area.
    This is absolutely correct and the article is horrible reporting made to create fear and stoke animosity toward Google's Chrome. Now, if the article had stated that the numerous vulnerabilities have not been patched, that would be bad. But, it says the exact opposite where it states, "
    Users can fix these by updating to Google Chrome version 106.0.5249.61." That means the vulnerabilities are only vulnerabilities if you're not updating the browser. Well, yeah, that's true of every piece of software that touches the web, including the operating system. Duh. If you don't keep it updated you're going to be vulnerable.

    The number of vulnerabilities getting CVEs is a good thing, not a bad thing. It means that the code is being actively policed and updated. That's not a bad thing and means Chrome is actually safer, not less secure. As varenhizzle comments, Google is transparent about its bugs while Apple seems to sweep them under the rug or tell people about them months later while exploits get actively used to harm users that could be taking mitigating steps before a patch to keep themselves secure.

    This is a terrible article that certainly shows a lack of understanding of how software security works well and the CVE system protects users, or it's a malicious article intended to cast Chrome as a boogeyman with dubious premises. I'd be careful if I were the editorial staff here publishing stories like this. It could see their publication end up in court for libel.

    I am a long time Mac user (and system administrator) that also uses Chrome in my job as a web developer. I've never had a problem with it as a browser as far as security. A couple of extensions used to block ads and other potential malicious things and you're all good. That's provided you also surf in a sane manner and keep your browser (and other internet tools and OS) up to date, but that should be the norm in 2022. Anyone not doing that is being reckless and irresponsible to their own detriment.
    williamlondonFileMakerFellertwokatmew
  • Apple's mystery internal network adapter probably isn't for public use

    Per emoeller and the article, this is probably part of Apple's internal security implementation for work-from-home employees. Apple had a RSI-based system for a VPN ages ago. I would imagine this device is a step toward something better. As stated in the article, it might never see a retail SKU in its current form but who knows? Might, eventually in another form.
    watto_cobra
  • German firms claim Google Chrome blocking cookies is illegal

    Hmmm...if it's an opt-in choice, they're upset that they don't control the opt-in choice? Is that the crux of their argument, because that doesn't make any sense. The user can still choose to opt-in by changing the cookie settings for the sites they want to opt into in the browser, site by site. I'm really having a hard time following their "logic". I am guessing they're hoping for a technologically illiterate court to rule in their favor, or they're just so illiterate themselves they don't understand how ignorant their stance is.
    elijahg