Web browsers have come a long way since 1990. The first one to be conceived was called WorldWideWeb (not to be confused with the abstract information space) and quickly renamed to Nexus. It was developed by Sir Tim Berners-Lee and was made for FTP file sharing, limited streaming services and to access Bulletin Board Services.
What followed can only be defined as an explosion of the internet and web browsers. From Mosaic and Lynx in 1993, followed by Netscape Navigator in 1994, Opera in 1995 and then the Internet Explorer 1.0 in August 1995, these pieces of software quickly became an essential part of our lives. Netscape launched their browser saying:
Available for all popular desktop environments, Netscape is a powerful commercial navigator for the Internet, offering point-and-click network navigation. It is optimized to run smoothly over 14.4 kilobit/second modems as well as higher bandwidth lines, delivering performance at least ten times that of other network browsers. Netscape provides a common feature set and graphical user interface across computers running the Microsoft Windows, Macintosh, or X Window System operating environments.
They would go on to create the Mozilla Foundation which led to Firefox, Apple used Internet Explorer upto 2003, when it finally came up with Safari and Google jumped into the race with Chrome in 2008. What stands today is the result of repeated stages of evolution of the software. It became so important for these megacorps that it led to browser wars. Today, using them you can :
In 2020, an estimated 4.8 billion people are internet users. With widespread use like this, common sense dictates that browsers would be a natural target for attackers. Therefore, it is imperative that we work on securing them. Below is a bird’s eye view of the threat models they mitigate and address Keep in mind, these are brief summaries and not intended to be a result of thorough academic research.
Threats to web browsers can come from a variety of sources. As an example, it can either be an unreliable addon or use of same origin policies. The former extend your browser’s functionality in a number of ways. However, carefully crafted attacks on vulnerable addons could result in an attack on your system. The attacker could gain unauthorized access to sensitive information.
We certainly don't want that to happen.
On the other hand, violating the same-origin policy involves the web content violating access-control policies enforced by your browser. These separate content of different domains. It has been said that numerous incoherencies in access control policies still exist.
Some more examples would be session hijacking, cross-site scripting (XSS) and Cross-Site Request Forgery (CSRF). It should be noted that sometimes these are due to server security problems - modern browsers should be equipped to detect them nonetheless. Most modern browsers support adequate sandboxing of browser tabs as well - as these can lead to content leakage.
There’s a lot going under the hood that protects you when you’re online. We’ll briefly go over some basic security requirements which ought to be fulfilled by each modern web browser:
Despite so many security measures in place, we often read about creative ways nefarious attackers use to find loopholes. The modern web browser has come a long way and is capable of so much more now. You, being a developer, know more about this than anyone else. The web is not perfect, neither are the browsers. Yet it’s nice to stop once in a while to appreciate the hard work that has gone into these wonderful pieces of software.