A report compiled by security company Bit9 has named the “dirty dozen” web browsers with the most discovered vulnerabilities, and the results, which have been posted by NeoWin come as something of a, well let’s face it, a major surprise.
Bit9′s CEO, Harry Sverdlove said “A variety of vulnerability types – including buffer-overflow and cross-site scripting vulnerabilities – impacted these applications. Some exploits of vulnerabilities could allow attacks to compromise the user’s desktop entirely and perhaps pose a risk for the entire organization. A list like the annual ‘Dirty Dozen’ highlights trends and the need to make sure software is kept updated.
The biggest surprise is that Google’s Chrome browser tops the vulnerabilities list with 76. Safari and Firefox also scored badly with 60 and 51 respectively. Conversely, Internet Explorer had only 32. The complete list is below.
- Google Chrome – 76
- Apple Safari – 60
- Microsoft Office – 57
- Adobe Acrobat – 54
- Mozilla Firefox – 51
- Sun JDK – 36
- Adobe Shockwave Player – 35
- Microsoft Internet Explorer – 32
- RealNetworks RealPlayer – 14
- Apple Webkit – 9
- Adobe Flash Player – 8
- Apple Quicktime and Opera Web browser (tied) – 6
This will obviously be inflammatory news to anyone who doesn’t like Internet Explorer (though recently versions of the browser cannot be compared to IE6) and there will people who will point to all the ‘undiscovered’ vulnerabilities in the browser.
However it pans out over time, it’s clear that Microsoft’s recent strategies are paying dividends for the company in terms of helping increase their reputation around the world. It will be interesting to see how IE9 stacks up against the other browsers in 12 months time.
Related Articles:
Another Report Finds Internet Explorer 8 To Be The Most Secure Web BrowserSecure Internet Explorer With IEController
How To Reset Microsoft’s Internet Explorer Browser
TrendMicro Browser Guard, Explorer Security Plugin
Microsoft Whitepaper About Internet Explorer 8 Performance
Enjoyed the article?: Then sign-up for our free newsletter or RSS feed to kick off your day with the latest technology news and tips, or share the article with your friends and contacts on Facebook, Twitter or Google+ using the icons below.
Nice done MS, but what about Opera?
Apple Quicktime and Opera Web browser (tied) – 6
Google is paying lot to bug /vulnerabilities finders in Chrome where that all gone . Surprising to see the sandboxed browser is more vulnerable than IE .
Isn’t Opera is most secured with least vulnerabtilities 6. Am I missing something here.
Sandboxing protects the system on which the browser runs as opposed to the browser itself, so although chrome has more vulnerabilities than IE sandboxing should still help to protect the OS.
What is Opera browser then if not a web browser ?
Give me a break !! Who paid you off !
Mike article is neutral, no one paid any buck to him, I red about this before on other blog. So it is just letting us know.
which IE version was tested?
I take from that, that every web browser is insecure. Would be interesting to know about the severeness of the discovered vulnerabilities, and how long it took the devs on average to fix a vulnerability after discovery.
My thoughts exactly. Bigger numbers are not necessarily worse, it’s a matter of interpretation of the results. A browser with only a few vulnerabilities would be a lot worse if these allowed a hacker access to the system to run malicious code and take control.
This must be a joke!?
“IE is the most secured” -measured by Microsoft?
“Opera is not a browser” … so what am I using right now if not a browser?
This is good for people who click the “e” icon to “open the internet”. But IE is not for me.
But then again, they are probably still using XP.
There’s also the fact that there’s not even a single mention to the versions tested.
Also, “Sun JDK”? Don’t they mean “Sun JRE” (or “Oracle JRE” if you want to be more specific). And by “Apple Webkit” they mean “Safari”?
Rex you can install the JDK which includes the JRE as far as I know. Bigger download though and lots of functionality that non-developers do not need. I have long stopped giving anything about these kinds of listings.
Whats wrong with XP?
Still a good OS. Better than Vista. Windows 7 is better, thats it.
One thing is for sure — there is no lack of reports; often with different conclusions, depending on which browser vendor the researchers are closest to both ideologically and financially.
Most reports go by the reported amount of vulnerabilities. With more source code changes, more vulnerabilities come and go. One way to make a better estimate of how “safe” a browser is, is to look at which vulnerabilities are “out there”. Considering the hordes of non-upgraded old Internet Explorer users to the more or less fully updated IE competitors, the reality might be that out of all security compromises happening, even with adjustment for browser popularity, I suspect that IE would come quite higher up.
But it’s all up to you which kind of report to care for. Mostly people read and repeat stuff of the kind they like themselves. Food for thought?
I’d need to know a LOT more about the testing methodology to take anything about this report seriously. Typically, browsers competing with MIE are often tested in raw form – in which state they’re simply not designed to be used. Was – for instance – Firefox assessed ‘bare’? In which case I’m not surprised it was found wanting. Tested with the now common range of security add-ons almost all users have, and it might be a different matter.
no offence, but the title should be ..
Google Chrome is THE LEAST Secure Web Browser… Who’d Have Thought That!
or..
Opera is THE MOST Secure Web Browser… Who’d Have Thought That!
and please correct me if i’m wrong..
“Opera is THE MOST Secure Web Browser… Who’d Have Thought That!”
Should be:
“Opera is THE MOST Secure Web Browser… Who Didn’t Know That!”
btw. Is It Normal To Caps All The First Letters? No, it’s stupid.
yes you’re right, thanks for correcting me
@mk
“btw. Is It Normal To Caps All The First Letters? No, it’s stupid.”
You are referring to the article writer Mike Halsey correct?
@operaUser
You are correct in your original post. You just wrote it like the article writer did.
Well, what about Firefox + NoScript on Win7 (with DEP, Mandatory ASLR, HeapSpray Allocation + NullPage, SEHOP & EAF forced on) ??
I actually don’t think ANY exploit will be able to execute malicious code on the target. And those DoS exploits (which mostly just crash FF) isn’t dangerous in the same way as remote code execution.
What about no browser at all ;)
Security questions based on discovered vulnerabilities may not be the best metric for saying something is secure or insecure, and there’s certainly something to be said for Chrome’s youth and bugs being found more frequently in open source model.
More important is the severity of these bugs and how quickly they were patched. One major remote-execution bug is a whole lot worse than lots of minor bugs. The link doesn’t seem to detail that.
For example, another article from earlier this year seems to indicate the opposite: http://www.taranfx.com/most-secure-browser
The title is wrong, is clear that in this test Opera is the most secure at all.
interesting…but…sounds like bs.
first of all what version are we talking about, second of all, what consequentness are we expecting from these exploits?
http://en.wikipedia.org/wiki/Comparison_of_web_browsers#Vulnerabilities
While IE may have had the least vulnerabilities discovered, it is the only one with known unpatched ones. Other browser vendors release patches much faster then Microsoft.
Least discovered != most secure.
The above article is poorly written. Versions of the web browsers being compared and or tested and when tested on which operating system and hardware specification are not mentioned. Secondly according to the article the browser with least vulnerabilities is Opera with 6 and not IE with 32 vulnerabilities. Opera is thus the best web browser period!