A few months ago, Window Snyder (Chief Security Officer at Mozilla Corporation), in an interview for Computerworld, explained that it is impossible to build a perfectly secure browser. Reading the Browser Security Handbook published a few days ago by Google helps us understand why this is the case. 
And when the browser is required to support more and more file formats, the number of potential vulnerability sources is more and more important.
“It’s impossible to build a perfectly secure browser” — Window Snyder
And then last week we learnt that Microsoft is being hit by a critical vulnerability in IE (perfectly analyzed by websense) which is heavily exploited to infect Windows hosts. Discovered at the same time as the December Patch Tuesday, the vulnerability is likely to do a lot of damages before Microsoft is able to publish a hotfix, especially as the available workarounds are not easy to apply. To contain the risk, Microsoft should release an out-of-band patch for IE immediately.
Which leads us to the inevitable conclusion that the browser is an incredibly risky environment, constantly under attack; and sooner or later, a zero-day attack, a previously unkown vulnerability, or simply a badly designed plug-in will leave your information systems exposed. The solution is to put the browser in a virtualized environment, preventing web-based malware infecting the user’s PC before spreading across the corporate network.
