We're considering a switch from Adobe Acrobat Reader DC to opening PDFs directly in browsers like Edge. Currently, we use security policies that enable protected mode and protected view in Adobe, but users frequently complain about its slow launch time. I'm curious if there are any security concerns about using browsers for PDF viewing instead of a dedicated application. Is the sandboxing feature in browsers like Edge effective enough to mitigate risks?
5 Answers
I think Edge and Chrome might be more secure than Adobe. They're usually quicker to patch vulnerabilities. Plus, I’ve been moving away from Adobe Reader too – it can be a real resource hog. PDF X-Change is another solid alternative.
There are always security concerns with opening PDFs, no matter where you do it. The key is to keep your tech updated and implement the right security policies. Switching from Adobe Acrobat won't magically solve security risks. If it's deemed safe enough by government facilities, then using it in your setup should be okay. Just make sure you have good security software and countermeasures ready, just in case.
It ultimately comes down to where you have more faith in the sandboxing. Browser-based viewers benefit from the browser's isolation, while Acrobat has a larger attack surface due to its complexity. Personally, I find the browser option simpler to manage especially at a larger scale.
When it comes to using Edge or Chromium, the PDF rendering happens through a JavaScript program in the browser's sandbox. Exploiting this sandbox is quite rare, so if you have JavaScript enabled, opening PDFs in Edge doesn’t really introduce new risks.
I’m all for eliminating Adobe Reader. Most users only need basic functionality in a PDF Reader, so switching to a browser viewer makes sense.
That seems reassuring! It’s good to know the risk isn't significantly higher with browser viewing.