Jump to content
Login new information ×
Login new information
Donations campaign phase one 2024

And the prize for LEAST SECURE goes to ... Chrome!

Reefa

By Reefa
in Security & Privacy News

Recommended Posts

Reefa

Reefa

Posted
Posted

More vulnerabilities were reported in Chrome last year than any other core software according to research which also found 2014 clocked record numbers of zero day flaws.

The Secunia Vulnerability Review 2015 report (pdf) is built on data harvested by the company's Personal Software Inspector tool residing on "millions" of customer end points, each with an average of 76 installed applications.

It found the Choc Factory's web surfer gathered more vulnerabilities than Oracle Solaris, Gentoo Linux, and Microsoft Internet Explorer which rounded out the top four among the analysed core products.

Chrome leads the browser pack with 504 reported vulnerabilities followed by Internet Explorer with 289 and Firefox with 171. Some 1035 flaws were reported across all browsers including Opera and Safari, up from 728 in 2013.

The security firm says Mozilla clocked the most number of un-patched users, followed by Chrome and Internet Explorer, although this could be because installed secondary browsers were often unused.

The report further reveals vulnerabilities increased 70 percent from 728 to 1035 by the end of 2014, with un-patched zero day flaws rising from 14 to 25.

Total vulnerabilities reached 15,435 relating to 3870 applications from 500 vendors. That is an increase of 18 percent over the reporting period and 55 percent since 2009.

Of those, 1698 (11 percent) are deemed highly critical and 43 (0.3 percent) are extremely critical.

More than half of Foxit PDF users did not apply patches, compared to 32 percent of users of the utterly dominant Adobe Reader. The Flash factory produced 43 vulnerabilities that year compared to a mere two for Foxit.

Some 83 percent of vendors patched their wares before vulnerabilities were publicly disclosed compared to half in 2009.

The report finds remote network attacks are more common (60 percent) than local vectors (33.4 percent).

http://www.theregister.co.uk/2015/03/26/chrome_trumps_all_in_reported_vulnerabilities/
Link to comment
Share on other sites
  • Replies 19
  • Views 1.8k
  • Created
  • Last Reply
Joe13

Joe13

Posted
Posted

Welcome to the Secunia Vulnerability Review 2015

https://secunia.com/resources/vulnerability-review/introduction/

The annual Secunia Vulnerability Review analyzes the evolution of software security from a vulnerability perspective.

It presents global data on the prevalence of vulnerabilities and the availability of patches, to map the security threats to IT infrastructures, and also explores vulnerabilities in the 50 most popular applications on private PCs.

Vulnerability Update - All Vulnerability Update - Top 50 Time to Patch - All Open Source Vendor Update Browser Security PDF Security

Link to comment
Share on other sites
CODYQX4

CODYQX4

Posted
Posted

you know?, firefox makes an excellent pdf reader

They actually have their reader as a Chrome extension.

It is pure JS, which is sandboxed to hell, as opposed to Chrome being a native plugin. But I have had it not load parts of certain PDFs.

Link to comment
Share on other sites
smallhagrid

smallhagrid

Posted
Posted

I may be miscomprehending all this, but:

you know?, firefox makes an excellent pdf reader

They actually have their reader as a Chrome extension.

It is pure JS, which is sandboxed to hell, as opposed to Chrome being a native plugin. But I have had it not load parts of certain PDFs.

Sumatra and others plug right into Firefox and work quite well so yes - it can be a good PDF reader.

And back to the OP=>

Chrome ??

Is it in any way reasonable to expect the Big G's browser - which is also certifiably brain dead - to actually be in any manner secure ??

Seems a bit oxymoronic to me, but that is just my 2.5 cents...!

Link to comment
Share on other sites
smallhagrid

smallhagrid

Posted
Posted

Chrome: The browser of choice for folks who think their computer is just a TV.

(This is why its market share rises as folks get dumbed down further & further.)

Link to comment
Share on other sites
dcs18

dcs18

Posted
Posted

Please offer your opinions on the most safe browser today...

That would make it off-topic - these folks are doing just great. ;)

Link to comment
Share on other sites
Joe13

Joe13

Posted
Posted

PDF security - a snapshot

A look at vulnerabilities in the 5 most popular PDF readers - Adobe Reader, Foxit Reader, PDFXChange Viewer, Sumatra PDF and Nitro PDF Reader.

There has been a decrease from 70 to 45 in the number of vulnerabilities discovered in the 5 most popular PDF readers - Adobe Reader, Foxit Reader, PDFXChange Viewer, Sumatra PDF and Nitro PDF Reader

45 vulnerabilities were discovered in the 5 most popular PDF readers in 2014. 70 vulnerabilities were discovered in the 5 most popular PDF readers in 2013.

At 85%, Adobe Reader has an almost monopoly-like share of the market. There were 43 known vulnerabilities in the program, and 32% of the users left it unpatched.

Foxit Reader had 1 vulnerability. PDFXChange Viewer, Nitro PDF Reader and SumatraPDF each had 0.

PDF Security

Link to comment
Share on other sites
smallhagrid

smallhagrid

Posted
Posted

Uncertain how to say this correctly, but...:

Please offer your opinions on the most safe browser today...

I don't think there is or ever will be any such a thing !!

It is the content that is 'unsafe' and nothing can ever protect from every sort of malicious code 100%.

Browsers just display what they are pointed at.

Maybe a better sort of query might be:

'Which AV/firewall best protects against malicious sites & code from the 'net ??'

My 2.5 cents on 'safety':
'Tis a highly unsafe world that we live in so we can only do the best we can to stay safe & sane in this world.

Link to comment
Share on other sites
212eta

212eta

Posted
Posted

The more Chrome gains Market Share, the more Chrome will be attacked on.

From the PDF you posted a few days ago seems there losing ground in popularity .

TUrk5Ew.png

The above graph is only for the users who answered the AV-C Annual Survey;

However, it is not very representative of what is going on globally:

x9vh2nw9rwom21i38qek6_s.jpg

Source

Once Firefox comes out with Shumway to play Flash videos,

Chrome is going to have big trouble staying in the lead.

http://www.expertreviews.co.uk/software/1402700/firefox-looks-to-kill-off-flash

I hope so, as I like Firefox more than Chrome... :yes:

:cheers:

Link to comment
Share on other sites
CODYQX4

CODYQX4

Posted
Posted

The more Chrome gains Market Share, the more Chrome will be attacked on.

This is very accurate.

They arguably have a more secure browser than Firefox, due to more restrictions, sandboxing, and trying their hardest to put the damn NPAPI plugins in the ground where they belong in a modern web world.

I'd say Firefox with no addons is inherently less secure than Chrome, and as far as addons go I have all the script blocking stuff on FF and Chrome.

But once Chrome became the 800LB gorilla in the room as far as marketshare, AND provided cash incentives to hack it, they obviously get lots of bugs.

Reported vulnerability count is a pathetic measure of absolute security. If I make my own crappy buggy personal browser from scratch, nobody will ever publish a 0day for it, and for every reported flaw there can be 10 - 100 million new ones.

Link to comment
Share on other sites
212eta

212eta

Posted
Posted

If Google is not going to excessively protect Chrome,

it will end up being the new 'Internet Explorer'

in terms of vulnerabilities...

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...