A German government agency has tested web browsers. Only one recommended

One solution outclassed the others.

The German Federal Office for Information Security, a government agency dealing with cyber security matters, has put web browsers under scrutiny. Representatives of the Bundesamt für Sicherheit in der Informationstechnik (BSI) tested a total of four programs in terms of security: Mozilla Firefox 68, Google Chrome 76, Microsoft Internet Explorer 11 and Microsoft Edge 44.

All evaluations were carried out against a document published one month ago, in which the BSI set out guidelines for modern web browsers. It lists the features that should characterize secure solutions. According to the Germans, a "secure browser" should, among other things:

– allow administrators to disable cloud profile synchronization
– run with minimum permissions in the operating system after initialization and support sandbox mode. All browser components must be isolated from each other and from the operating system. Communication between isolated components may only take place via defined interfaces. Direct access to the resources of isolated components is prohibited.
– isolate websites from each other, preferably as independent processes; thread-level isolation is also allowed
– support TLS
– allow passwords to be deleted from the password manager
– allow users to block or delete cookies
– use the operating system's memory protection features such as ASLR or DEP
– allow the use of local URL blacklists
– support HTTP Strict Transport Security (HSTS) (RFC 6797)
– verify loaded certificates via a Certificate Revocation List (CRL) or the Online Certificate Status Protocol (OCSP)

The only browser that met all of the agency's minimum requirements proved to be Mozilla Firefox. The other browsers fell short in various ways. For example:

– none but Firefox offered the master password feature
– none other than Firefox allowed blocking telemetry
– only Firefox offered full organizational transparency
– IE and Edge did not offer different profiles and configurations
– IE lacked support for SOP, CSP and SRI, and even an update mechanism

It is a pity that Germany has not tested popular alternatives to the above browsers. Many people would certainly be interested in the results that Safari, Brave, Opera or Vivaldi would have obtained in the study.

Source: BSI, ZDNet