Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Web Browser Vulnerability Report

by Andrew Freeborn
April 26, 2016

Web browsers allow users to work with many services and web applications from a single application. In one screen in a web browser, the user can work on a shared document with team members. In another screen in a web browser, the same user could review purchase orders in an internally built web application. In yet another screen, the same user can read the news from a major news source. In all three of the previous cases, the user was interacting with different services with the same web browser.

Attacks on web browsers can happen in numerous ways that could allow attackers into the organization. A malicious ad served up on a news website could trick the web browser to download and run malware. Free software tools such as BeEF (Browser Exploitation Framework Project) can take advantage of weaknesses in a web browser and compromise the user. Attackers can lure the user to visit a site compromised with BeEF to compromise the user’s browser.

Some browsers are more secure than others, but all browsers have flaws that attackers can expose. The popularity of any browser generally dictates how many software vulnerabilities are found and then exploited. Analysts using Tenable’s Tenable.sc Continuous View (CV) with Nessus and Nessus Network Monitor (NNM) can best detect web browser vulnerabilities. Tenable.sc CV works actively with credentialed Nessus scans and passively with NNM analyzing the network in an organization. Deploying these solutions in the organization can help analysts to quickly discover outdated web browsers as well as web browser vulnerabilities.

The market for web browsers contains many options across the three major operating systems of Microsoft Windows, Apple Mac OS X, and Linux. The focus of this report is on the web browsers of Microsoft Internet Explorer and Edge, Google Chrome, Apple Safari, Mozilla Firefox, Konqueror, Opera and Netscape. These web browsers make up the majority of the web browser market.

As web browsers have continued to mature and grow, they have adapted various security methods to help protect the user. Some browsers help stop cross-site scripting (XSS) attacks to help protect the user, but not all browsers implement the same level of protection. Other web browsers implement their own version of Adobe Flash to help provide a specific experience and increased security. However, any feature put into a web browser is another attack vector for potential exploitation. Features that were meant to help protect the user could be potentially exploited to attack the user.

Tenable provides the necessary information to analysts to be aware of vulnerable web browsers in the organization. This report uses vulnerability information gathered from active scans with Nessus to provide detailed information of each scanned system. For example, if a web browser is present on a system but not used, there is still the potential that the web browser could be exploited. Information detected through network activity is also passively monitored with NNM. Analysts can benefit from both solutions with detailed and timely information within Tenable.sc  CV.

The report is available in the Tenable.sc Feed, a comprehensive collection of dashboards, reports, Assurance Report Cards, and assets. The report can be easily located in the Tenable.sc Feed under the category Threat Detection & Vulnerability Assessments. The report requirements are:

  • Tenable.sc 4.8.2
  • Nessus 8.6.0
  • NNM 5.9.0

Tenable provides continuous network monitoring to identify vulnerabilities, reduce risk, and ensure compliance. Tenable's family of products includes Tenable.sc Continuous View (CV), Nessus, Nessus Network Monitor (NNM), and Log Correlation Engine (LCE). Tenable.sc CV provides the most comprehensive and integrated view of network health, and is the global standard in detecting and assessing network data.

This report contains the following chapters:

  • Executive Summary: This chapter provides an overview of web browser vulnerabilities detected in the organization
  • Web Browser vulnerabilities summary: This chapter provides analysts with an overview of vulnerabilities per web browser across time
  • Web Browser vulnerabilities in detail: This chapter provides detailed information of the web browser vulnerabilities identified earlier in this report
Try for Free Buy Now

Try Tenable.io

FREE FOR 30 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now.

Buy Tenable.io

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

$2,275

Buy Now

Try for Free Buy Now

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy Nessus Professional

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.

Buy a multi-year license and save. Add Advanced Support for access to phone, email, community and chat support 24 hours a day, 365 days a year. Full details here.

Try for Free Buy Now

Try Tenable.io Web Application Scanning

FREE FOR 30 DAYS

Enjoy full access to our latest web application scanning offering designed for modern applications as part of the Tenable.io platform. Safely scan your entire online portfolio for vulnerabilities with a high degree of accuracy without heavy manual effort or disruption to critical web applications. Sign up now.

Buy Tenable.io Web Application Scanning

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

5 FQDNs

$3,578

Buy Now

Try for Free Contact Sales

Try Tenable.io Container Security

FREE FOR 30 DAYS

Enjoy full access to the only container security offering integrated into a vulnerability management platform. Monitor container images for vulnerabilities, malware and policy violations. Integrate with continuous integration and continuous deployment (CI/CD) systems to support DevOps practices, strengthen security and support enterprise policy compliance.

Buy Tenable.io Container Security

Tenable.io Container Security seamlessly and securely enables DevOps processes by providing visibility into the security of container images – including vulnerabilities, malware and policy violations – through integration with the build process.

Learn More about Industrial Security

Get a Demo of Tenable.sc

Please fill out the form below with your contact information and a sales representative will contact you shortly to schedule a demo. You may also include a short comment (limited to 255 characters). Please note that fields with asterisks (*) are mandatory.

Try for Free Contact Sales

Try Tenable Lumin

FREE FOR 30 DAYS

Visualize and explore your Cyber Exposure, track risk reduction over time and benchmark against your peers with Tenable Lumin.

Buy Tenable Lumin

Contact a Sales Representative to see how Lumin can help you gain insight across your entire organization and manage cyber risk.