Difference between revisions of "Browser Security"
From MgmtWiki
(→Problems) |
(→Problems) |
||
| Line 12: | Line 12: | ||
# The capability of the user's device to support [[Artificial Intelligence]] is expected to grow exponentially starting with 2023. | # The capability of the user's device to support [[Artificial Intelligence]] is expected to grow exponentially starting with 2023. | ||
# The ability of web loaded code to determine user behaviors and secrets via scraping and side channel attacks will grow with AI. | # The ability of web loaded code to determine user behaviors and secrets via scraping and side channel attacks will grow with AI. | ||
| + | ## Other Site's proprietary content is also subject to attack, which might have contractual relationships with the user. | ||
# As more browser features, like JavaScript capabilities, are determined to be subject to attacks, browsers that are sensitive to user security will block the features and web sites will start failing unexpectedly on some browsers and some devices. | # As more browser features, like JavaScript capabilities, are determined to be subject to attacks, browsers that are sensitive to user security will block the features and web sites will start failing unexpectedly on some browsers and some devices. | ||
# As o/s's become more accommodating to user security, sites that use some innovations will start to fail after o/s updates. | # As o/s's become more accommodating to user security, sites that use some innovations will start to fail after o/s updates. | ||
Revision as of 10:28, 8 March 2023
Full Title or Meme
Browsers run on user's device but essentially all content comes from sites that the user may not know or Trust.
Context
There has been an ongoing effort to make Progressive Web Apps have all of the functionality of a native app that the user has chosen to install on their computing device.
Problems
From a the point of view of security of user's devices as well as external content the following issues have been noted.
- Nearly all JavaScripts (as well as web assembly) are provided by web sites and must be considered to be hostile to user's security.
- Smartphone o/s generally support strong cross site protections. PCs not so much.
- The WICG (Web Incubation Community Group) as well as other W3C groups are actively expanding the capability of code supplied by web sites and run as a part of the browser.
- The capability of the user's device to support Artificial Intelligence is expected to grow exponentially starting with 2023.
- The ability of web loaded code to determine user behaviors and secrets via scraping and side channel attacks will grow with AI.
- Other Site's proprietary content is also subject to attack, which might have contractual relationships with the user.
- As more browser features, like JavaScript capabilities, are determined to be subject to attacks, browsers that are sensitive to user security will block the features and web sites will start failing unexpectedly on some browsers and some devices.
- As o/s's become more accommodating to user security, sites that use some innovations will start to fail after o/s updates.
References
- See wiki page on Security
