Google Experiment Tests Top 5 Browsers, Finds Safari Riddled With Security Bugs

LASER_oneXM

The Project Zero team at Google has created a new tool for testing browser DOM engines and has unleashed it on today's top five browsers, finding most bugs in Apple's Safari.

The tool — named Domato — is a fuzzer, a security testing toolkit that feeds a software application with random data and analyzes the output for abnormalities.

Google engineer Ivan Fratric created Domato with the goal of fuzzing DOM engines, the browser components that read HTML code and organize it into the DOM (Document Object Model), which is then "painted" and displayed inside the browser window that human users view on their screens.

Google test finds 17 security bugs in Safari's DOM engine

To prove Domato's capabilities, Fratric took today's top five browsers — Chrome, Firefox, Internet Explorer, Edge, and Safari — and subjected them to 100 million fuzz tests with Domato.

Results showed that Safari had by far the worst DOM engine, with 17 new bugs discovered after Fratric's test. Second was Edge with 6, then IE and Firefox with 4, and last was Chrome with only 2 new issues.

Non-security bugs were ignored, and Fratric also pointed out that if Microsoft hadn't added MemGC (use-after-free exploit mitigation) in IE and Edge, those browsers would have fared much worse.
 
I am using Cent and FF Nightly.
Happy to see that these browsers are having good results.