Google Chrome & Firefox Have More Vulnerabilities Than Flash And Java Combined
Time to go back to IE?
Now here is something you won’t hear that often. Despite the common hate for Adobe’s Flash and Oracle’s Java plugins, it looks like they are not the major offenders when it comes to the actual number of vulnerabilities.
According to the latest report by security firm Secunia, Google Chrome, Firefox and iTunes are responsible for the majority of Windows security issues. As it turns out, 86% of all Windows vulnerabilities in 2012 (up from 78% last year) come from non-Microsoft applications. Here is the actual list (vulnerabilities – product name):
291 – Google Chrome
257 – Mozilla Firefox
243 – Apple iTunes
67 – Adobe Flash Player
66 – Oracle Java
What was the actual sample size? According to Secunia’s Personal Software program, there were 9,776 software vulnerabilities in a total of 2,503 applications that were released by 421 companies.
So here is a tip of the week for you: switch to Internet Explorer. Saying that does feel weird, actually.
[Via: Neowin]
[Source: Secunia]
About (Author Profile)
Vygantas is a former web designer whose projects are used by companies such as AMD, NVIDIA and the now-defunct Westwood Studios. Being passionate about software, Vygantas began his journalism career back in 2007 when he founded FavBrowser.com. Having said that, he is also an adrenaline junkie who enjoys good books, fitness activities and Forex trading.
That’s not enough to prove something, or is it?
And I think they should at least say how many of those vulnerabilities have been fixed.
How severe are the individual vulnerabilities? Which applications are currently being used to attack systems? Where do old IE browsers fall in this data?
Seems like there is some missing info if we’re talking about recommendations.
That report is the largest load of horse shit I’ve ever seen. For anyone who actually read the report you’d have seen it doesn’t give specifics for each application about which browsers left their exploits unpatched, how many each browser received from their “Secunia Vulnerability Criticality Classification” or exactly how long each of these took to patch.
It doesn’t allow us to verify their claims or come to our own conclusions. They just wrap it up all pretty in a table with a single number. 90% of the paper is massive useless charts and infographics. It’s just a sales pitch to executives that don’t understand technology.
All this proves, paradoxically, is that Chrome and Firefox are the two safest and most secure software on the market.
@Vygantas
Do not talk security when you are just skimming details.
1) IE is not included in the data you provide. Do not make recommendations based on missing data.
2) You do not weight the risk of vulnerabilities. Having dozens and dozens of petty problems is favourable to having just one that is extremely dangerous. And do not make recommendations based on missing data.
3) Time to patch is not specified either. It’s better to have dozens of vulnerabilities than to have one of the same level of risk that is not patched for a full year. And do not make recommendations based on missing data.
4) Secunia did not disclose what they considered a vulnerability. Did they count 64/32 as separate or as the same vulnerability? What did they count? Only vendor-confirmed information or 3rd party reports? Did they check reports (to see if vendor/3rd party do not put multiple vulnerabilities in one basket?). Did they make sure that data from different sources is normalized? And do not make recommendations based on missing data!!!
PS No I have no real reservations about the data provided by Secunia. I just do not understand ignorant people who like to jump to conclusions if the math is easy, and will not in any event stop to consider if the real world is a bit more complicated.