The web browser is arguably the most security-critical component in our information infrastructure. It has become the channel through which most of our information passes. ENISA is seizing a unique chance to make detailed recommendations for improvements to browser security before they become non-negotiable for years to come.
The standards which govern the browser are currently undergoing a major upgrade. This includes HTML5, cross-origin communication standards such as CORS and standards for access to local data such as geo-location. In total 51 security threats and issues are identified and detailed in this report.
July 31, 2011
Editors: Dr. Giles Hogben, Dr Marnix Dekker, Authors: Philippe De Ryck, Lieven Desmet, Pieter Philippaerts, and Frank Piessens, Katholieke Universiteit Leuven