EPFL Logo
fr|en
Login
Concept

Browser security

Browser security is the application of Internet security to web browsers in order to protect networked data and computer systems from breaches of privacy or malware. Security exploits of browsers often use JavaScript, sometimes with cross-site scripting (XSS) with a secondary payload using Adobe Flash. Security exploits can also take advantage of vulnerabilities (security holes) that are commonly exploited in all browsers (including Mozilla Firefox, Google Chrome, Opera, Microsoft Internet Explorer, and Safari). Web browsers can be breached in one or more of the following ways: Operating system is breached and malware is reading/modifying the browser memory space in privilege mode Operating system has a malware running as a background process, which is reading/modifying the browser memory space in privileged mode Main browser executable can be hacked Browser components may be hacked Browser plugins can be hacked Browser network communications could be intercepted outside the machine The browser may not be aware of any of the breaches above and may show user a safe connection is made. Whenever a browser communicates with a website, the website, as part of that communication, collects some information about the browser (in order to process the formatting of the page to be delivered, if nothing else). If malicious code has been inserted into the website's content, or in a worst-case scenario, if that website has been specifically designed to host malicious code, then vulnerabilities specific to a particular browser can allow this malicious code to run processes within the browser application in unintended ways (and remember, one of the bits of information that a website collects from a browser communication is the browser's identity- allowing specific vulnerabilities to be exploited). Once an attacker is able to run processes on the visitor's machine, then exploiting known security vulnerabilities can allow the attacker to gain privileged access (if the browser isn't already running with privileged access) to the "infected" system in order to perform an even greater variety of malicious processes and activities on the machine or even the victim's whole network.

Official source
About this result
This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Copyright © 2025 EPFL, all rights reserved

Graph Chatbot

Chat with Graph Search

Ask any question about EPFL courses, lectures, exercises, research, news, etc. or try the example questions below.

DISCLAIMER: The Graph Chatbot is not programmed to provide explicit or categorical answers to your questions. Rather, it transforms your questions into API requests that are distributed across the various IT services officially administered by EPFL. Its purpose is solely to collect and recommend relevant references to content that you can explore to help you answer your questions.