Difference between revisions of "Browser Security"
From MgmtWiki
(→Problems) |
(→Problems) |
||
| Line 6: | Line 6: | ||
==Problems== | ==Problems== | ||
| − | From a the point of view of security of user's devices as well as external content the following issues have been | + | From a the point of view of security of user's devices as well as external content the following issues have been noted. |
# Nearly all JavaScripts (as well as web assembly) are provided by web sites and must be considered to be hostile to user's security. | # Nearly all JavaScripts (as well as web assembly) are provided by web sites and must be considered to be hostile to user's security. | ||
# The WICG (Web Incubation Community Group) as well as other W3C groups are actively expanding the capability of code supplied by web sites and run as a part of the browser. | # The WICG (Web Incubation Community Group) as well as other W3C groups are actively expanding the capability of code supplied by web sites and run as a part of the browser. | ||
Revision as of 10:14, 8 March 2023
Full Title or Meme
Browsers run on user's device but essentially all content comes from sites that the user may not know or Trust.
Context
There has been an ongoing effort to make Progressive Web Apps have all of the functionality of a native app that the user has chosen to install on their computing device.
Problems
From a the point of view of security of user's devices as well as external content the following issues have been noted.
- Nearly all JavaScripts (as well as web assembly) are provided by web sites and must be considered to be hostile to user's security.
- The WICG (Web Incubation Community Group) as well as other W3C groups are actively expanding the capability of code supplied by web sites and run as a part of the browser.
- The capability of the user's device to support Artificial Intelligence is expected to grow exponentially starting with 2023.
- The ability of web loaded code to determine user behaviors and secrets via scraping and side channel attacks will grow with AI.
- As more JavaScript capabilities are determined to be subject to attacks, browsers that are sensitive to user security will block the features and web sites wills start failing on some browsers.
References
- See wiki page on Security
