Most Secure PDF viewer: Chrome PDF Viewer

13 Jan 2013

Stop using Adobe Reader and Foxit Reader. Use Google Chrome's PDF viewer. I didn't do any tests or research to make this determination. Just my gut feeling.

Although Adobe has improved the security situation a lot by sandboxing Reader and allowing you to disable JavaScript, Adobe Reader is still a bloated monstrosity (it can play Flash files!), and a large attack surface like that is hard to secure.

Foxit is a Chinese company, and my jingoist box isn't letting anything with that origin near it. :) Actually, there recently was a vulnerability in Foxit Reader which was a trivial buffer overflow on a filename that is too long. That is such a basic security check that, for me, it really calls into question the rest of the security of the software.

Foxit Reader is not sandboxed in any way. Adobe Reader's sandbox only restricts its privileges. Google Chrome has become the standard in how to make a proper sandbox on Windows with its NaCl technology.

If, when you look at a PDF in Google Chrome, it has the following set of icons, then you're using Google Chrome's PDF viewer. Double-check by going to chrome://plugins/. I only have "Chrome PDF Viewer" and "Adobe Flash Player" enabled there.

This viewer meets all my needs. You can drag and drop files to Chrome and it will open them automatically with the PDF Viewer. I have uninstalled all other viewers. There are various posts online saying the technology underlying this is either Adobe's or Foxit's, but I think it's Google's Skia engine. In any case, I feel most comfortable with this as my PDF viewer.

Another interesting alternative (if you're the type that really likes to avoid the crowds to stay secure) is to use PDF.js, which is an entirely JavaScript alternative and has a Firefox plug-in. Update 2013-01-13: Looks like Mozilla will soon use this as their default PDF viewer, according to blog.mozilla.org.

Using evince, GSview, xpdf, or some of the other alternatives is just not a great user experience in my opinion, and any time you try using a "Built for Linux" solution on Windows, things tend to not be as secure (they are often compiled with GCC and end up without DEP and ASLR enabled).
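Whether a Windows binary opted in to DEP and ASLR is not a guess: it is recorded in the PE optional header's DllCharacteristics field (IMAGE_DLLCHARACTERISTICS_NX_COMPAT for DEP, IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE for ASLR), and ASLR only does anything if the relocation table was not stripped from the COFF header. The following checker is an added example written for this post, not code from any of the viewers discussed; it parses those header fields directly with the standard library and runs against constructed header samples so it works offline. Point it at a real `.exe` or `.dll` to audit an installed viewer.

```python
import struct
import sys

# DllCharacteristics bits from the PE/COFF specification (IMAGE_DLLCHARACTERISTICS_*)
HIGH_ENTROPY_VA = 0x0020  # 64-bit ASLR with a high-entropy address space (PE32+ only)
DYNAMIC_BASE = 0x0040     # ASLR opt-in
NX_COMPAT = 0x0100        # DEP opt-in
# COFF header Characteristics bit (IMAGE_FILE_RELOCS_STRIPPED)
RELOCS_STRIPPED = 0x0001  # no .reloc table: the loader cannot actually rebase the image


def check_mitigations(data: bytes) -> dict:
    """Return DEP/ASLR status read from a PE image's headers."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe_off = struct.unpack_from("<I", data, 0x3C)[0]          # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = pe_off + 4
    # COFF header: Machine(2) NumberOfSections(2) TimeDateStamp(4) PointerToSymbolTable(4)
    # NumberOfSymbols(4) SizeOfOptionalHeader(2) Characteristics(2)
    coff_chars = struct.unpack_from("<H", data, coff + 18)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    arch = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic)
    if arch is None:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    # DllCharacteristics sits at offset 70 in both PE32 and PE32+ optional headers
    dll_chars = struct.unpack_from("<H", data, opt + 70)[0]
    aslr = bool(dll_chars & DYNAMIC_BASE)
    relocs_stripped = bool(coff_chars & RELOCS_STRIPPED)
    return {
        "arch": arch,
        "dep": bool(dll_chars & NX_COMPAT),
        "aslr": aslr,
        "high_entropy_va": arch == "PE32+" and bool(dll_chars & HIGH_ENTROPY_VA),
        "relocs_stripped": relocs_stripped,
        # DYNAMIC_BASE without relocations is a flag with nothing behind it
        "aslr_effective": aslr and not relocs_stripped,
    }


def build_minimal_pe(dll_chars: int, coff_chars: int = 0, pe32plus: bool = False) -> bytes:
    """Constructed sample: a bare MZ/PE header, just enough for check_mitigations()."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                       # PE signature follows the DOS header
    machine = 0x8664 if pe32plus else 0x14C                      # AMD64 or I386
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 96, coff_chars)
    opt = bytearray(96)
    struct.pack_into("<H", opt, 0, 0x20B if pe32plus else 0x10B)
    struct.pack_into("<H", opt, 70, dll_chars)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)


def describe(result: dict) -> str:
    return "%s DEP=%s ASLR=%s (effective=%s) HighEntropyVA=%s" % (
        result["arch"], result["dep"], result["aslr"],
        result["aslr_effective"], result["high_entropy_va"])


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            print(sys.argv[1], describe(check_mitigations(f.read())))
    else:
        # Constructed samples: a hardened 64-bit build, a build with no opt-ins at all
        # (what the post describes for many GCC-built Windows ports), and one whose ASLR
        # flag is hollow because the relocation table was stripped.
        samples = {
            "hardened": build_minimal_pe(DYNAMIC_BASE | NX_COMPAT | HIGH_ENTROPY_VA, pe32plus=True),
            "no-mitigations": build_minimal_pe(0),
            "relocs-stripped": build_minimal_pe(DYNAMIC_BASE | NX_COMPAT, coff_chars=RELOCS_STRIPPED),
        }
        for name, image in samples.items():
            print(name, describe(check_mitigations(image)))
```

For a MinGW/GCC build the fix is a linker choice rather than a compiler limitation: the PE-targeted GNU ld accepts `--nxcompat`, `--dynamicbase` and `--high-entropy-va`, so a port can be re-linked with them and re-checked with this script before it is trusted with untrusted documents.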