Security risks in browsers mainly include phishing, privacy tracking, data hijacking, and browser security vulnerabilities. (Recommended learning: web front-end video tutorial)
Phishing (Phishing, similar to the pronunciation of fishing in English, also known as phishing method or phishing attack) is An attack method that involves sending a large number of spoofed spam emails claiming to be from a bank or other reputable institution, with the intent of tricking the recipient into revealing sensitive information such as username, password, account ID, ATM PIN, or credit card details.
The most typical phishing attack lures the recipient to a carefully designed phishing website that is very similar to the website of the target organization, and obtains the sensitive personal information entered by the recipient on this website. Usually this attack process does not alert the victim. It is a form of "social engineering attack". Phishing is a form of online identity theft.
Privacy Tracking Using cookies, cookies that sell user data can also be achieved by inserting third-party cookies. Advertising trackers place a pixel on web pages that are popular with users and are widely visited. A transparent image of a certain size so that the user cannot see the image, but it is still loaded, so that ad trackers can insert cookies through this image and continuously track the user's browsing history.
Data hijacking refers to intercepting this behavior through a piece of code when accessing or modifying a property of an object, and performing additional operations or modifying the returned results.
The typical ones are Object.defineProperty() and the new Proxy object in ES2015. The most famous application of data hijacking is two-way binding, which is also a must-have interview question that has been discussed badly. For example, Vue 2.x uses Object.defineProperty() (Vue switched to Proxy for implementation after version 3.x).
Browser vulnerabilitiesThe existence is due to the limitations of the programmer's ability, experience and security technology at the time, and there will inevitably be deficiencies in the program. Unforeseen errors occur when the program encounters a problem that seems reasonable but cannot actually be handled.
When hackers carry out network attacks, the main target is not the operating system. The main target of the attackers is the browser used in the operating system. It is said that Microsoft's IE browser is ambushed from all sides. Too much, computer hackers often use IE browser vulnerabilities to carry out virus attacks, causing many users to suffer losses.
At present, many browsers have versions suitable for multiple operating systems. The browsers used in Windows systems can also be used in other operating systems, so no matter which operation you are using System, attackers can find a breakthrough in the browser.
Because all current web browsers have various vulnerabilities and are one of the most vulnerable targets for hackers. There are more than 300 browser vulnerabilities reported by the Common Vulnerabilities and Risks (CVE) organization. Each browser manufacturer has dozens of products.
The above is the detailed content of What are the main security risks in browsers?. For more information, please follow other related articles on the PHP Chinese website!