The guide was published by Google in 2008 and is updated continually to reflect the new security features and functionality integrated into the predominant browsers. A lack of understanding of these features, or a lack of documentation for them, is the starting point of a large number of vulnerabilities; for this reason, INTECO-CERT recommends that both Web developers and security managers read it.
The guide is in English and is divided into three parts, listed below:
- Basic concepts behind web browsers
- Standard browser security features
- Experimental and legacy security mechanisms
The second part gives a more detailed analysis of the security mechanisms and the restrictions implemented in browsers. It covers topics such as vulnerabilities in DOM properties, network restrictions ("Port access restrictions", "URL scheme access rules", "Simultaneous connection limits", etc.), defenses against malicious scripts, encryption of communications, and so on.
Finally, the third part offers a brief summary of a set of security features implemented in various browsers in recent years, some of which have already fallen into disuse. It also mentions proposals in progress and improvements that are being adopted by a large share of browsers.
Source: INTECO-CERT