Secunia has recently released its Vulnerability Review 2015 which reports that more vulnerabilities were discovered in Chrome during 2014 than any other piece of core internet software – almost double that of the next nearest contender Internet Explorer.
Actual results concluded by Secunia are:
- Chrome – 504 reported vulnerabilities
- Internet Explorer – 289 reported vulnerabilities
- Firefox – 171 reported vulnerabilities
- Total across all browsers (including Safari and Opera) – 1035 reported vulnerabilities
Secunia’s annual Vulnerability Report is collated from data harvested by the company’s Personal Software Inspector tool residing on “millions” of consumer machines, with an average of 76 installed applications across the board.
Of course, being an “industry-wide significant global player within the IT security ecosystem, in the niche of Software Vulnerability Management” (their words, not mine), it’s in Secunia’s interests to talk up these holes in popular applications. On the other side of the coin, Google would like users to know that counting vulnerabilities is inherently misleading, with the majority of reported bugs patched quickly or not even exploitable in the first place. <source>
The Secunia report goes on to reveal that overall vulnerabilities increased by 70%, from 728 during 2013 to 1035 during 2014, with un-patched zero day flaws rising from 14 to 25.
Of course, these types of reports, although interesting, often involve vested interests and should generally be taken with a grain of salt. In my humble opinion, the best possible browser security is a user’s own common sense and the most secure browser is always the one which lays in the hands of the most security conscious user.