All browsers are not the same when it comes to online security. There has been a lot of discussion in the past couple of years about how to stay safe online, and people have begun wondering just how secure their web browsers are.
One of the most important components of browser security is how quickly vulnerabilities are fixed. Any browser is liable to being hacked using new exploits, so it’s important that fixes are made promptly and sent out to users before they risk being exposed.
Many people who are aware of online security issues are already using tools like VPNs (Virtual Private Networks) and antivirus packages, which are important defences for keeping yourself secure online. However, some browsers can undermine that extra security.
A notable risk in browsers that is especially pertinent to VPN users is WebRTC IP leaking. WebRTC (Web Real Time Communication) is a framework for letting websites easily send peer-to-peer audio and video, but it’s also a security risk as it can reveal users’ IP addresses even from behind a VPN. If you’re worried that this or any other issue is posing a threat to your data, read on to find out the security pros and cons of some of the most popular browser options.
Regular browser updates in Firefox are sent out every couple of months. However, when new vulnerabilities are discovered, Mozilla promises to release ‘hotfixes’ in less than a day.
Firefox has a built-in setting to disable WebRTC, as well as numerous extensions for improving your online security such as NoScript which allows you to disable scripts on every webpage other than those you trust.
Firefox also comes with built-in Do Not Track functionality, and container options so that you can open notoriously snoop-focused apps like Facebook in their own silo without access to the rest of your device. It also offers an insecure password warning if a site might be able to steal your data, and comes with built-in phishing and malware protection.
Verdict: rapid updates and a raft of defences as standard make this the most secure of the best-known browsers.
Initially there was much skepticism about Chrome’s security, since Google makes a lot of its money from its users’ information. However, while Chrome collects information just like other Google services, it has also introduced powerful security features like in-built protection against malware and phishing, as well as a Do Not Track feature.
Chrome was the first major browser to start sandboxing tabs, meaning that the browser ‘engine’ - the part that fetches and displays web pages - doesn’t have any access to system commands. This makes the browser hard to hack, and has given it a reputation for security.
Chrome also receives updates more often than any other browser. Since Chrome is the biggest kid on the block it’s also of most interest to hackers, so having a high update frequency with patches for exploits is important.
However, while Chrome is otherwise fairly secure, there is no option to turn off WebRTC. It can be disabled with extensions, such as WebRTC Control, but VPN users would do well to double check that their IP is not being leaked. To check if WebRTC is leaking your IP address in Chrome, use a free tool like HMA!’s WebRTC leak checker.
Verdict: secure enough for most people’s daily web use. Joint VPN and Chrome users will want to make sure they either disable WebRTC, or switch to a VPN provider that offers built-in WebRTC leak blocking.
Safari wins serious security points for its anti-phishing filters and optional pop-up blocking, but does have security weaknesses. It rarely updates, and in 2018 was the least updated of any available browser.
The most recent update did include patches for major flaws that were allowing password spoofing and auto-filled data theft, but currently WebRTC can’t be turned off in Safari even when using extensions.
Verdict: recent patches have made Safari a much more secure option that it used to be. However, VPN users will need to ensure that their VPN is blocking WebRTC leaks while using this browser.
Edge usually receives updates on a monthly or near-monthly basis. This is on the longer side of what is considered a good update frequency to fix vulnerabilities before they affect too many users, but is more frequent by far than Safari.
There is no way to disable WebRTC in Edge natively or with extensions, so VPN users should be wary of using this browser.
Verdict: while there are improvements over IE, Microsoft’s new browser is still not as secure as its competitors.
Avast Secure Browser is based on Chromium, the open source project that Chrome is also built on. When the Chromium code base gets updated with security fixes, they can be rolled out to all the browsers involved in the project. Avast Secure Browser should get security updates as quickly as Chrome, though in the past other Chromium-based browsers have often lagged behind Google’s own browser by an update or two.
WebRTC can be turned off in Avast Secure Browser using the Adblock feature. In addition to Adblock, there are also other built-in security tools such as anti-tracking and anti-phishing features built in to the browser.
Verdict: a secure option, with some great extra features.
TOR releases updates every couple of weeks or so, though since TOR routes traffic through its servers, there is less chance of exploits providing access to users’ computers in the first place.
There is no support for WebRTC in TOR, so you should not be at risk of IP leaks.
Verdict: the most secure browser, though too slow for regular use.
One of the most important components of browser security is how quickly vulnerabilities are fixed. Any browser is liable to being hacked using new exploits, so it’s important that fixes are made promptly and sent out to users before they risk being exposed.
A notable risk in browsers that is especially pertinent to VPN users is WebRTC IP leaking. WebRTC (Web Real Time Communication) is a framework for letting websites easily send peer-to-peer audio and video, but it’s also a security risk as it can reveal users’ IP addresses even from behind a VPN. If you’re worried that this or any other issue is posing a threat to your data, read on to find out the security pros and cons of some of the most popular browser options.
Mozilla Firefox
Firefox is favoured by a lot of security-minded users because it is open-source software managed by a non-profit company, so there is less opportunity or incentive for it to track its users.Regular browser updates in Firefox are sent out every couple of months. However, when new vulnerabilities are discovered, Mozilla promises to release ‘hotfixes’ in less than a day.
Firefox has a built-in setting to disable WebRTC, as well as numerous extensions for improving your online security such as NoScript which allows you to disable scripts on every webpage other than those you trust.
Firefox also comes with built-in Do Not Track functionality, and container options so that you can open notoriously snoop-focused apps like Facebook in their own silo without access to the rest of your device. It also offers an insecure password warning if a site might be able to steal your data, and comes with built-in phishing and malware protection.
Verdict: rapid updates and a raft of defences as standard make this the most secure of the best-known browsers.
Google Chrome
Since its first release in 2009, Google Chrome has steadily grown to become the most popular browser by a wide margin. On desktop, Chrome now commands almost 70% of market share.Initially there was much skepticism about Chrome’s security, since Google makes a lot of its money from its users’ information. However, while Chrome collects information just like other Google services, it has also introduced powerful security features like in-built protection against malware and phishing, as well as a Do Not Track feature.
Chrome was the first major browser to start sandboxing tabs, meaning that the browser ‘engine’ - the part that fetches and displays web pages - doesn’t have any access to system commands. This makes the browser hard to hack, and has given it a reputation for security.
Chrome also receives updates more often than any other browser. Since Chrome is the biggest kid on the block it’s also of most interest to hackers, so having a high update frequency with patches for exploits is important.
However, while Chrome is otherwise fairly secure, there is no option to turn off WebRTC. It can be disabled with extensions, such as WebRTC Control, but VPN users would do well to double check that their IP is not being leaked. To check if WebRTC is leaking your IP address in Chrome, use a free tool like HMA!’s WebRTC leak checker.
Verdict: secure enough for most people’s daily web use. Joint VPN and Chrome users will want to make sure they either disable WebRTC, or switch to a VPN provider that offers built-in WebRTC leak blocking.
Apple Safari
Individual tabs in Safari are not sandboxed, but Safari itself, like all official apps on MacOS, is sandboxed by the operating system.Safari wins serious security points for its anti-phishing filters and optional pop-up blocking, but does have security weaknesses. It rarely updates, and in 2018 was the least updated of any available browser.
The most recent update did include patches for major flaws that were allowing password spoofing and auto-filled data theft, but currently WebRTC can’t be turned off in Safari even when using extensions.
Verdict: recent patches have made Safari a much more secure option that it used to be. However, VPN users will need to ensure that their VPN is blocking WebRTC leaks while using this browser.
Microsoft Edge
When Microsoft revealed the successor to Internet Explorer (IE), they promised that it would address the security concerns that many had with its predecessor. Removing ActiveX and other tools that were often the source of exploits was a good start, but Edge is still far from the most secure browser.Edge usually receives updates on a monthly or near-monthly basis. This is on the longer side of what is considered a good update frequency to fix vulnerabilities before they affect too many users, but is more frequent by far than Safari.
There is no way to disable WebRTC in Edge natively or with extensions, so VPN users should be wary of using this browser.
Verdict: while there are improvements over IE, Microsoft’s new browser is still not as secure as its competitors.
Avast Secure Browser
Avast Secure Browser was created by Avast, the company known for its antivirus software. While fairly new and not well-known, the browser comes with some helpful security features.Avast Secure Browser is based on Chromium, the open source project that Chrome is also built on. When the Chromium code base gets updated with security fixes, they can be rolled out to all the browsers involved in the project. Avast Secure Browser should get security updates as quickly as Chrome, though in the past other Chromium-based browsers have often lagged behind Google’s own browser by an update or two.
WebRTC can be turned off in Avast Secure Browser using the Adblock feature. In addition to Adblock, there are also other built-in security tools such as anti-tracking and anti-phishing features built in to the browser.
Verdict: a secure option, with some great extra features.
TOR
The TOR browser is part of The Onion Router project, which disguises web traffic by routing it through their network of servers. TOR has gained a reputation as the ultimate browser for online privacy, but it does have its limitations. TOR can be incredibly slow due to web traffic passing through multiple servers, and without a VPN your web traffic can still be intercepted between your computer and the TOR network.TOR releases updates every couple of weeks or so, though since TOR routes traffic through its servers, there is less chance of exploits providing access to users’ computers in the first place.
There is no support for WebRTC in TOR, so you should not be at risk of IP leaks.
Verdict: the most secure browser, though too slow for regular use.
