In the recent audit carried out by the German Federal Office for Information Security (Bundesamt für Sicherheit in der Informationstechnik, or BSI), among the desktop web browsers that were audited (Google’s Chrome 76, Microsoft’s Edge 44 and Internet Explorer 11, and Mozilla’s Firefox 68), only Firefox passed all minimum requirements for mandatory security features.
The audit was carried out using rules detailed in a guideline for “modern secure browsers” that the BSI published last month, in September 2019. The BSI normally uses this guide to advise government agencies and private sector companies on what browsers are safe to use.
According to BSI’s updated guidelines, a truly secure browser has to support up-to-date technologies like TLS, HTTP Strict Transport Security (HSTS), Same Origin Policy and Content Security Policy (CSP) 2.0.
The browser must also support automatic updates, and not just for its own code. It must also handle updates for extensions, and the two mechanisms need to function independently of each other.
Areas where the other browsers failed include lack of support for a master password mechanism (Chrome, IE, Edge), no built-in update mechanism (IE), and no option to block telemetry collection (Chrome, IE, Edge).