Chrome trumps all comers in reported vulnerabilities

Beats Solaris, flattens Gentoo


More vulnerabilities were discovered in Google Chrome last year than any other piece of core internet software – that's according to research that also found 2014 clocked record numbers of zero-day flaws.

The Secunia Vulnerability Review 2015 report [PDF] is built on data harvested by the company's Personal Software Inspector tool residing on "millions" of customer end points, each with an average of 76 installed applications.

It said the Chocolate Factory's web surfer had more reported vulnerabilities than Oracle Solaris, Gentoo Linux, and Microsoft Internet Explorer, which rounded out the top four among the analysed core products.

(Obviously, it's in Secunia's interests, as a security tool maker, to talk up holes in applications; Google's engineers would like you to know that the reported bugs are patched, or not even exploitable in the first place, and counting vulnerabilities is misleading.)

Chrome leads the browser pack with 504 reported vulnerabilities followed by Internet Explorer with 289 and Firefox with 171. Some 1035 flaws were reported across all browsers including Opera and Safari, up from 728 in 2013.

Secunia says Mozilla clocked the highest number of unpatched users, followed by Chrome and Internet Explorer, although this could be because installed secondary browsers were often unused.

The report further reveals vulnerabilities increased 49 percent from 728 to 1035 by the end of 2014, with unpatched zero-day flaws rising from 14 to 25.

Total vulnerabilities reached 15,435 relating to 3870 applications from 500 vendors. That is an increase of 18 percent over the reporting period and 55 percent since 2009. Of those, 1698 (11 percent) are deemed highly critical and 43 (0.3 percent) are extremely critical.

More than half of Foxit PDF users did not apply patches, compared to 32 percent of users of the utterly dominant Adobe Reader. The Flash factory produced 43 vulnerabilities that year compared to a mere two for Foxit.

Some 83 percent of vendors patched their wares before vulnerabilities were publicly disclosed compared to half in 2009.

The report finds remote network attacks are more common (60 percent) than local vectors (33.4 percent). ®
