The most common and impactful security threats facing users today are socially engineered malware and phishing attacks. As such, they have been the primary focus of NSS Labs continued research and testing of the security effectiveness of browsers. While drive-by downloads and clickjacking are also effective attacks that have achieved notable publicity, they represent a smaller percentage of today’s threats. Drive-by downloads are commonly the result of a successful phishing attack and clickjacking attacks often lead to a phishing web page.
The average phishing URL catch rate for browsers over the entire 10 day test period ranged from 90 percent for Firefox (version 15) to 94 percent for Chrome (version 21). With a margin of error of about 2 percent, there is little difference in the average block rate of the browsers and one must consider other factors, such as socially engineered malware blocking capabilities, for qualitative differences in the security effectiveness of the browsers.
Mean Block Rate for Phishing (higher is better)
Apple Safari 5
Google Chrome 21
Microsoft Internet Explorer 10
Mozilla Firefox 15
Download this unsponsored and independent report to see the full results.