I see that people here are really obsessed with keeping browsers up to date for the purpose of security. I never really considered this to be a big deal because as far as im aware not much can be done by a malicious actor through just your browser. I have always thought that as long as you don't download and run unknown executables, its impossible for anything bad to happen these days. But seeing how obsessive some of you are with keeping browsers up to date that has gotten me thinking, is there something im not aware of?
How dangerous are browser exploits really?
Nathan Wright
Other urls found in this thread:
Cameron Miller
Generally if you use Chrome, nothing bad will happen, very rarely there is a 0-day exploit that can do real damage that isn't patched out before it's even released to the public. Most exploits that do exist have severe limitations like how much data you can pass through etc which make them useless for most purposes, and with OS-level protection on up-to-date Linux distros and Windows even if an exploit can execute arbitrary code, it will be further limited by that. Hence why social engineering attacks and scams have been so much more common in the past five or so years compared to before, getting the user to type in their credentials on a phishing site or download an executable that executes the payload is much more common. I have never in recent times for example heard of an exploit that steals stored passwords in the browser or establishes an admin-privilege TCP shell on the machine.
But it's not impossible. Jow Forums is just extreme.
That said, there is some software that you should always keep as up to date as possible, for example any servers like apache, databases and generally enterprise grade programs and those that listen for connections, as well as those that are poorly maintained like mIRC for example as these will generally have a much higher return-on-investment for black hat hackers as they are used by bigger fish, most exploits nowadays will be targeting those systems, and even then, most times corporations get hacked, it's social engineering, like a malicious attachment, etc.
You're honestly much better off improving your safety while browsing by just being wary, checking URLs of links you click, using uBlock/noScript/uMatrix/HTTPS Everywhere and such and make sure to keep an eye out for any suspicious extension updates and don't use public WiFi as HTTPS is still very susceptible to various MiTM attacks and you'd be surprised how many people like to play Mr.Robot IRL in [university name]'s STEM campus starbucks.
Kayden Parker
Very, browsers are probably the most commonly deployed software facing the internet. One exploit can hit millions of people, shotgun approach has guaranteed results.
Hunter Clark
Chrome is sandboxed, so likely nothing will happen.
Firefox, however, is a security nightmare. It really can affect your entire computer solely by visiting a website. It's insane.
Dominic Jenkins
See game consoles hacked via browser
Robert Brooks
Depends how exploitable but it could be apocalyptic.
Lincoln Jones
True, but game console browsers aren't anything like normal browsers since they're often not updated for years and get payloads specific to hardware.
Oliver Hall
Use Smart HTTPS instead.
Lincoln Morris
No, HTTPS Everywhere.
Adrian Watson
What about mobile? Do those things still apply?