We know Chrome saw the pointy end of the hacking stick (they have those) just days ago at this year’s Pwn2Own conference, but it’s not the only browser at the event to have its insides spooned out, zero-day style. Not one, but two exploits engineered by French security company VUPEN allowed it to execute code outside of the browser’s sandboxed interior. The sad thing is, these flaws date back to Microsoft’s geriatric Internet Explorer 6.
Speaking to ZDNet, Chaouki Bekrar, VUPEN’s co-founder, told the site that the techniques went “all the way back to IE 6. It will work on IE 6 all the way to IE 10 on Windows 8.” To be fair, Bekrar later mentions Internet Explorer 10 is much improved security-wise over its predecessors, however, “many vulnerabilities in [IE's] Protected Mode” based on corrupting memory exist and remain unpatched.
If you’re reading this while (somehow) hugging your install of Firefox, well, I wouldn’t be so quick to kiss it square on the mouth. Bekrar had no qualms revealing the fact it has plenty of hacks for “every browser on every operating system”. Not that anyone is naive enough to believe any browser is 100 per cent secure.
I can’t say I know anyone who jumps between browsers based solely on how secure they are, but let us know if cycle between them regularly.