Browser exploit

From ArticleWorld


Browser exploits are small code snippets that exploit design or implementation deficiencies in a web browser. Such exploits are generally used by malicious users to crash the browser, read or write files stored on the target computer, or propagate malware programs.

Many exploits appeared after the introduction of client-side scripting languages and other technologies like ActiveX and Java. Some technologies, like ActiveX, have a design that makes them susceptible to security problems. Another such example is the Cross Zone scripting technique, which exploits the ability of pages in a browser zone to initiate execution with the privileges of another zone. Other technologies, like JavaScript, are secure enough in their design, but faulty implementation can generate problems.

Browser exploits have become more and more popular with the expansion of the World Wide Web. Just about every major vendor has made efforts to improve the security of its browser. However, most browsers still remain very unsafe, often not because of their design but because of the technologies that they implement. For example, browsers that implement support for the ActiveX technology can be the target of a browser exploit, even though the browser itself is perfectly secure.

Risk level

In general, the risk level of browser exploits is fairly low, since the web browser is not a process with high privileges. However, since it often stores private data, a browser exploit can, at least theoretically, compromise the privacy of a user.