Best Reviews logo
Best Reviews may receive compensation for its content through paid collaborations. See how we sustain our work & review products.
Most Secure Browser of 2018 for Password Management

Most Secure Browser of 2018 for Password Management

By István F.István F. Verified by Adam B.Adam B. Last updated: July 31, 2024 (0)
Table of contents

Most secure browser of 2018 for password management

The average user isn’t quite aware of how much information they unwillingly hand over to third party data trackers when they launch their favorite browsers. Despite the increasing prevalence of specialized apps to serve the various needs of users, web browsers still account for a huge chunk of our digital life. It’s the program we launch to read the news, listen to music, check our bank account, pay bills, and much more.

Fortunately (or not), the choice of web browsers continues to grow, and with it users concerns surrounding security. With the abundance of data breaches we’ve seen in 2017, many are wondering just exactly which browser is the most secure, especially when it comes to password management.

Web browser security vulnerabilities by the numbers

It’s not a place every internet user will visit every day, but the common vulnerabilities and exposures (CVE) database is something that needs to be checked from time to time. While the language used there may sound like gibberish to non-programmers, the number of vulnerabilities reported and their resolution progress offers reliable information about the current status of the web browser.

Apple’s Safari Web browser, for example, has a total of 922 CVE entries, which means the default browser of the macOS operating system has had this many security bugs of varying severity. Google Chrome, the most popular browser, has 1,582 CVE entriesFirefox 1,633, while Opera (an underrated browser featuring the same core technologies as Chrome) has 349. Microsoft Edge has 325 entries, and the lowest is Tor at 84. All these numbers reflect the total number of bugs discovered by security researchers and reported to the CVE.

DOM fuzzing

Google assembled a team of security researchers under the name of Project Zero with the aim of finding zero-day vulnerabilities. You might have heard about their findings: the “Heartbleed” vulnerability that made headlines came to the surface thanks to their efforts. One of the team members, Ivan Fratric, was tasked to test browser software for potential flaws.

Since DOM (Document Object Model) engines have historically been a “very good source” of browser bugs exploited by hackers, Fratric’s task was to test browser resilience against his own fuzzer called Domato.

This, however, doesn’t “necessarily reflect the security of the whole browser and instead focuses on just a single component (the DOM engine), but one that has historically been a source of many security issues,” Fratric explained in a blog post announcing the results. This obviously limits the reach of his research, but it is an important component users should keep in mind when choosing a password manager and using its browser extension.

The LastPass security breach from early 2017, for example, was related to DOM – it was triggered because of the way LastPass behaved in “isolated” worlds, a JavaScript execution environment sharing the same DOM as other worlds.

The most secure browsers according to Google’s project zero

After putting the most popular browsers to the test against the custom fuzzer Domato, Fratric found that Google’s own web browser, Chrome, was the most secure because it was only able to find only two bugs. Here is the list:

  1. Chrome – 2 bugs
  2. Firefox – 4 bugs
  3. Internet Explorer – 4 bugs
  4. Edge – 6 bugs
  5. Safari – 17 bugs

As you can see from the above list, Apple’s Safari is the outlier, with a significant number of bugs found when compared to Google’s browser. It is worth remembering, however, that the research was funded by Google, so we cannot exclude a biased result.

What can we learn from this?

While remote hacks using hardware vulnerabilities are possible, the first and lowest cost go-to method for a hacker to orchestrate an attack is by crafting a malicious site to exploit vulnerabilities in web browsers. This hacker-built site will install malware or run a script, and steal any passwords saved in a password manager just as was the case with the LastPass browser extension in early 2017. But other password managers such as 1PasswordDashlane, or Keepass also had their share of bugs.

Our recommendation, for security reasons, is to not use the browser extension of the password manager. Instead, use the dedicated desktop/mobile app or the browser’s password manager.


Best password managers of 2024

Editor's choice
RoboForm logo
Editor's rating:
(4.5)
Effective security center
Passkey compatibility
Intuitive and organized interface
Affordable prices
Families
LastPass logo
Editor's rating:
(4)
Logical interface
Automated password categorization
Advanced mobile version
Various two-factor authentication options
Businesses
1Password logo
Editor's rating:
(4.5)
End-to-end encryption
Secure authentication method
Data breach alarms
One-time password support
Security features
Keeper logo
Editor's rating:
(4.5)
Robust security
Wide range of platform support
Affordable
Great customer support
Personal use
NordPass Personal logo
Editor's rating:
(4.5)
Strong security features
Effective password generator
Excellent free version
Attractive price
Password sharing
Dashlane logo
Editor's rating:
(4)
Password changer
Built-in VPN
Flawless data import
Thorough iOS/Android app
Local storage
Enpass logo
Editor's rating:
(4)
Packed with features
Free for desktop users
Offline password manager
End-to-end encryption
User Feedback

 Leave a reply

Your email address will not be published. Required fields are marked *


Best Reviews

Best Reviews may receive compensation for its content through paid collaborations and/or affiliate links. Learn more about how we sustain our work and review products.

©2012-2024 Best Reviews, a clovio brand – All rights reserved
Privacy policy · Cookie policy · Terms of use · Partnerships · Contact us