A recent study funded by Google and conducted by a security firm called Accuvant compares the security of three of the most widely used browsers: Google's Chrome, Microsoft's Internet Explorer, and Mozilla's Firefox. The results illustrate that Google is on top when it comes to innovative new safeguards, Microsoft is a close second place, and Firefox is falling far behind.

Accuvant's study, which was conducted independently but commissioned by Google, focused on exploit mitigations: Instead of counting vulnerabilities in the three browsers, it assumed that hackers would find hackable bugs in all three and instead compared how well they dealt with an attacker who has already gained some access to the machine. The browsers showed the most contrasts in three areas: Sandboxing, which limits a website exploit's access to a victim's machine, a feature known as Just-In-Time or JIT hardening, which prevents javascript on websites from compiling code that it can run on the user's computer, and plug-in security, which limits the access of not only exploits that run without user interaction on a site, but also those that attempt to trick users into downloading an add-on program that contains malicious commands.

In all three areas, Google tied or beat the competition. Its sandbox was found to be the strictest, while Accuvant says that Internet Explorer allowed hackers some file-reading capabilities even as it prevented them from installing malware. Its protections against malicious javascript were equal to Microsoft's, and its limitations on the malicious capacities of plugins were stronger than either of the other two browsers. In all three categories, Firefox's features were determined to be either “unimplemented or ineffective.”

halls-of-valhalla.org/images/news/chromefirefox2.jpg
Above is a chart illustrating Accuvant's findings.

The original story and a pdf of Accuvant's report can be found at Forbes.