Browser Security
Today, the three most popular desktop browsers are Chrome, followed by Microsoft Internet Explorer and Firefox. Other major browsers includes Apple Safari and Opera. While most commonly used to access information on the web, a browser can also be used to access information hosted on Web servers in private networks.
It is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript — sometimes with Cross-site scripting (XSS), sometimes with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities (security holes) that are commonly exploited in all browsers (including Mozilla Firefox, Google Chrome, Opera, Microsoft Internet Explorer, and Safari).
Plugins and Extensions
Although not part of the browser per se, browser plugins and extensions extend the attack surface, exposing vulnerabilities in Adobe Flash Player, Adobe (Acrobat) Reader, Java plugin, and ActiveX that are commonly exploited. Malware may also be implemented as a browser extension, such as a browser helper object in the case of Internet Explorer. Browsers like Google Chrome and Mozilla Firefox can block—or warn users of—insecure plugins.By using Camera/Microphone usage
We need to block from running it automatically or have the browser ask you each time a website wants to use the camera or microphone. Only allow for trustworthy web or applications.
How Browser gets Hacked?
It can change your browser homepage, search engine and install unknown toolbars which leads to illegitimate pop up advertisements.
The aim is to help the cyber criminal to generate money through fake advertisements. When users click on the search engine or Redirect URL the attackers gets paid. They will also know your browsing activities to sell private information to third parties.
Browser hacking malware might be installed Ransomware that encrypts your data and keeps hold until you pay the ransom money to the cyber criminal.
How To Secure Your Browser?
- Always use Internet Antivirus, it includes your web browser security features.
- To check your browser add-ons, if you find any unknown add-on or plugin then immediately remove that from your browser.
- Before closing the Browser, delete your Browser history, cookies and cache.
- Keep browser Updated
- Do not click on unknown Link, attached mail
- Use Ad block to block Pop-ups and Ad script
- Never store your password in the browser
Hardening Browser
Browsing the Internet as a least-privilege user account (i.e. without administrator privileges) limits the ability of a security exploit in a web browser from compromising the whole operating system.
Suspected malware sites reported to Google, and confirmed by Google, are flagged as hosting malware in certain browsers.
There are third-party extensions and plugins available to harden even the latest browsers, and some for older browsers and operating systems. Whitelist-based software such as NoScript can block JavaScript and Adobe Flash which is used for most attacks on privacy, allowing users to choose only sites they know are safe – AdBlock Plus also uses white-list ad filtering rules subscriptions, though both the software itself and the filtering list maintainers have come under controversy for by-default allowing some sites to pass the pre-set filters. Many of intelligence agencies recommend to blocking Flash using NoScript.
Need To Know?
Always check HTTPS for Top Websites. HTTPS is encryption layer used to secure against attackers with access to the network from changing the page contents en route.
For normal password usage on the WWW, when the user is confronted by a dialog asking for their password, they are supposed to look at the address bar to determine whether the domain name in the address bar is the correct place to send the password.
For example: If you are surfing Bank websites, always check HTTPS sign-on system (used on e.g. anybank.com), the user should always check that the address bar says “https://anybank.com” before entering your password id.