The Federal Office for Information Security (BSI) publishes version 3.0 of its security requirements for web browsers for secure, reliable and confidential communication. What is new in the minimum standard is the extension to mobile browsers. Instructions for administrators follow under “Security requirements for operations”. Together with the minimum standards, the “Browser comparison table” and the “IT-Grundschutz reference table” were also updated.
Advertisement
According to the BSI, web browsers usually also load data from “untrustworthy sources” that contain malicious code such as viruses, Trojans, spyware and the like. Accordingly, use is always associated with risks, but these should be minimized with the minimum standards. The BSI has been defining requirements for the security of web browsers since 2017.
Browser comparison
The “Browser Comparison Table” also shows how the browsers Mozilla Firefox, Google Chrome, Microsoft Edge, Firefox for Android, Chrome Mobile and Safari Mobile perform when checking the security aspects specified by the BSI. Many requirements – such as cookies, website data and history, isolation of websites, transport layer security, HTTP strict transport security and others – are therefore met by current website viewers. According to the table, there is at least some protection against stack smashing in the mobile browsers tested; this could not be checked for Safari Mobile.
However, only Mozilla Firefox adheres to all minimum requirements, followed by Safari Mobile and Google Chrome. Finally, Firefox for Android and Chrome Mobile come with four minimum requirements, some of which are not met.
(mack)