In the last 20 years, I mean since we started using internet and browsers, we have discovered a lot of security vulnerabilities and thus we concluded that the browser itself is a vulnerable application.
It’s not over though. Even till days, different vulnerabilities are being discovered in all types of browsers.
Nowadays we have more choices of browsers than ever before and they all come with many security glitches – the developers don’t leave those glitches intentionally but as humans we tend to make mistakes and one thing leads to another.
Even if the browser is pretty secured, we have many options available to install the extensions or plugins and many times the vulnerabilities are associated with extensions themselves and they put browser at risk.
Even if the browser is fully patched and get updates from the vendor, there are still ways to breach into it using XSS and CSRF attacks. Any vulnerability is a risk to the confidentiality, integrity and availability of user data and network data as well as system data. There are some ways vendors can make the browser secure.
For example, if they limit the script execution or create more user awareness about the threats or they keep the extensions installation in control, etc. Site-sandboxing.
Let's look into the steps you need to take to make sure your browsers are secure.
Keep Your Browsers Updated
This is the first and foremost requirement to secure your browser.
If you’re using Window, Linux, Mac or any other OS, it is advised to turn the automatic updates ON. Don’t wait until the browser version goes out of date. Subscribe vendor emails so that you will get notifications about serious browser problems and patches.
Keep your browsers updated. Turn ON automatic updated. That's the most important step to make any browser secure.
Change Security Settings in the Browser
There are some steps you can take to make the browser more secure. For example,
- Do not allow any website to open an automatic pop-up
- Keep a strong password and use two step authentications (most services provide that option)
- Do not allow cashing of password or other personal info
Not all of these steps are necessary to take. Also, some of the functionality won’t work if you change some settings.
So, understand what you want to block, it’s implications and how to go back to the previous state if something doesn’t work.
Do no click on suspicious links
You should always read the link texts before clicking. If you fell that it’s prompting, you to click then it’s probably going to take you to unsafe place.
Second, try to see what’s the actual link by just hovering the mouse on the link. In almost all the browser you’ll be able to see the original link if you hover on the link for a second or two. That will give you an idea whether to click it or not.
Also, don’t click on emails links as well until you fully trust the source. Same in Facebook or any other social media platform. They all have those bad links by which user information will be sent to the page they are vising.
DO NOT click on suspicious links.
Only install important plugins or extensions
Remove all those unnecessary extensions and plugins which you never use.
OR just change the permissions on what they can and cannot see if you really want to keep them.
I have discussed in the Chrome features about how to change those permissions. Some extensions change its permission even if they are from trusted sources.
Brower will notify you when that happens. Keep an eye on those notifications. Make sure you read all the permission the extension is going to need while installation.
If you think the extension is asking for too much information, then do not install it and notify the browser vendor about it.
Be careful while installing plugins and extensions.
Do not allow cookies to save unless it’s requires
Many websites will ask you to accept the cookies settings and once you accept it, it will save different info about you, your browser, location and whatnot on your compute and then use it whenever requires.
- Do not accept those cookies settings unless you really need that.
- Also, when a website asks for your permission, it will also give you details on why they need to save all those cookies and how they are planning to use it. If you do not see enough information, do not allow that website any permission.
Turn off location tracking as well
There are many websites which will ask for your location to “improve their services”. Mostly it’s because of user demographics data. So, make sure you read everything before you allow them to track your location.
Turn off auto saving of passwords, form data and credit card info
Strong passwords are hard to remember, and we often save it to the browser for later easy log in but be careful when you do that and sync it. Try not to save passwords into browsers. Make a strong passwords and memories them using some sentences. There are lots of ways we can memorize the strong passwords.
Never allow any browser to save your credit card information. It’s hard to type credit card information every time especially when you shop online a lot. But make a habit of entering data manually.
Disable auto fill for form data as well.
Say NO to auto save password option! Don't fall into that easy trick!
Do not log into public browser
Nowadays we have sync option to sync the whole browser settings and history and everything else. We can take it wherever we go. But beware of this helpful tool. Only login into the computers or browsers or networks you trust like your own home.
If you see that the version of the browser is not up to date, notify to the authority about it and do not ever log in until it’s up to date for ask for up to date version for your work.
I would advise not to ever log into a school computer browser or a public library browser.
If, in worst case scenario, you have to log in and sync your data, then remove everything after you’re done. OR keep a separate account with least privileges and some regular files which need to be synced. So, in those cases you can use that temporary account.