
Chrome only browser left standing after day one of Pwn2Own - jlhamilton
http://arstechnica.com/security/news/2009/03/chrome-is-the-only-browser-left-standing-in-pwn2own-contest.ars
======
tptacek
On the other hand, Chrome is the browser security researchers know the least
about; it's not an apples-to-apples comparison, yet.

~~~
ntyntyesr
Comparing mobile browsers they ignored Opera - the most common mobile browser
and the most secure.

~~~
j2d2
Do you think it's more common than safari on iphone? Do you have any way to
verify that?

~~~
jonknee
Opera Mobile has significantly more installs than Mobile Safari, but Safari
probably has greater market share in terms of mobile visits (because iPhone
users use Safari quite a bit).

As for numbers, Opera says there are more than 120m installations of Opera
Mobile:

<http://www.opera.com/mobile/>

They have another product, for less powerful phones (it does rendering via a
proxy actually) that has 20 million users. Since the requests are all proxies,
Opera knows how many people use this product:

<http://www.opera.com/mini/>

~~~
royalpineapple
Safari Mobile is also on every ipod touch. giving it an even wider user base.

------
axod
>> "after day one"

Isn't this all a big theatre type thing anyway? Aren't exploits prepared well
in advance anyway?

It'd be a more interesting competition if the competitors were given never
before seen new versions of browsers, and asked to crack them on the spot.

~~~
secres
Since the rules change (i.e. become easier) each day, the day number gives you
some indication of the relative difficulty in performing the exploit, even
though the exploits themselves are prepared in advance:

[http://cansecwest.com/post/2009-03-18-01:00:00.PWN2OWN_Final...](http://cansecwest.com/post/2009-03-18-01:00:00.PWN2OWN_Final_Rules)

------
natmaster
"Windows, on the other hand, he claims is tougher because of its address
randomization feature and other security measures. As for Chrome, he says that
he has identified a security bug in Google's browser but has been unable to
exploit it because the browser's sandboxing feature and the operating system's
security"

Sounds like Chrome was saved by not having a version for the extremely
vulnerable Mac. Security by obscurity is no security at all.

~~~
simonw
Isn't address randomization a form of security by obscurity?

------
TimothyFitz
Guessing this is a symptom of: Tiny market share Radically different approach
to security (heavy sandboxing, multi-process)

We don't yet know if Chrome is actually more secure.

~~~
stcredzero
I'd bet that it is. I can't think of a fair way to adjudicate that, though.

------
drawkbox
As soon as all extensions are ported there is no reason not to use Chrome.

