Study: Google's Chrome leads with most Windows vulnerabilities

When you download any software program on your desktop or laptop PC, there's always a risk that there will be a flaw in the program that will be exploited by hackers. This week, a new study from the security firm Secunia claims that the number of software programs that are not made by Microsoft that have some kind of vulnerability is actually increasing.

The study results show that 86 percent of programs that the firm said has security issues came from non-Microsoft applications, an increase compared to 78 percent from the year before. The actual report, based on data recorded by Secunia's Personal Software Inspector program, showed there were 9,776 software vulnerabilities in 2,503 applications released by 421 different companies in 2012.

Google's Chrome web browser topped the list with 291 vulnerabilities in 2012, followed by Mozilla's Firefox browser with 257, Apple's iTunes with 243, Adobe's Flash Player with 67, and Oracle's Java with 66. Secunia says the study shows that Microsoft is doing a better job in making sure its own programs are more secure from exploits.

That's the good news. The bad news is that the study seems to show that large businesses need to do a better job in making sure that their third party programs don't leave their PC systems open to attack. Morten R. Stengaard, Secunia’s Director of Product Management, states:

The number of vulnerabilities is on the increase, but many organizations continue to turn a blind eye, thereby jeopardizing their entire IT infrastructure: It only takes one vulnerability to expose a company, and no amount of processes and technology that supports operating systems and Microsoft programs will suffice in providing the required level of protection.

Source: Secunia
Security image via Shutterstock

Report a problem with article
Previous Story

Poll: How important is a cell phone's material?

Next Story

Nokia expanding efforts to get Windows Phone Instagram app

99 Comments

Commenting is disabled on this article.

Is that even remotely surprising?

Why do you think, considering Chrome is basically the newest browser of the major ones, that it's at version 25 already? Biggest POS browser there is, IMO.

Don't usually care what the looks (gui) of a program are, as long it works correctly, but this browser and Safari, are the 2 dumbest designed browsers ever!

If you really feel you must follow the crowd and use Chrome just because everyone who THINKS they know what is good, at least use a decent version of it and that version is called SRWare Iron, http://www.srware.net/en/software_srware_iron.php

and what makes you think Iron is superior? It's built on the Chromium base just like Chrome is and is updated far less often.

Privacy? Nope. It does nothing special in that regard either. Iron has been proven to be nothing more than a revenue stream for the developer who does nothing more than build the Chromium source and slap the Iron name on it.

insanitybit.com/2012/06/23/srware-iron-browser-a-real-private-alternative-to-chrome-21/

The Best is to learn how to use Comodo Defense+ correctly.

Create a defense+ rule defining/limiting COM, registry, files and inter-process memory access amongst other things. Assign the policy to third party apps like Chrome, Firefox , flash plugin, etc. Even if there is a vulnerability in such cases the exploit hits a brick wall. This is different to the complete visualization of the app but as effective if configured correctly!!

Obviously Firefox with noscript and requestpolicy does prevent a lot of internet nasties.

Amazing....iTunes mor problematic vs Flash. Yet Jobs spoke likr flash is trash...when itunes is the real POS. Apple has always sucked at msking apps. Quicktime has to be the buggiest, s let iw video player of all time.

MC GEEK said,
hasn't this always been the case...?

No. Chrome has actually won a number of independent security-related competitions. So this result was a bit surprising to me. I'd guess, say, Safari before Chrome.

I remember I read somewhere which a hacker who tested that IE, Firebox, Chrome, or others. Hacker said, "Chrome is best than others!" it doesn't any make sense to me. I knew it is not tuth.

Before Windows 8 and IE10

"All of that isn't to say all defenses are created equal. The sandbox fortifying IE, which is often referred to as Protected Mode, is easier to bypass than a similar protection in Google's browser according to Bekrar."

"Unfortunately for Microsoft, it's easier to escape the sandbox in IE than escape the sandbox in Chrome," he said while within earshot of several senior Microsoft security managers. "The IE sandbox is less restrictive and has many memory corruptions, which is not the case with the Google chrome sandbox."

"The (new) protected mode is much more secure, much more restrictive," Bekrar said. "IE 10 on Windows 8 will be a big challenge for us to create an exploit for it."

http://arstechnica.com/busines...-stomped-at-hacker-contest/

That is the most stupid research ever, you ask the companies of they have security issues with their software and every one of them oh no we don't, and we all know that they are damn full with vulnerabilities.

The only one who is trying to be vulnerability free is Chrome, and it is giving millions of dollars if you discover one, this is why there are more reported.

Give a few millions of $$$ for people to report software vulnerabilities every ware else, and things will just change very dramatically.

riiiiiiiight....so everyone is lying and google is telling the truth because they are angles after all. uh huuuuuh.face it,they write ****ty code that's full of bugs.Just look at android. What a **** poor architecture. You want us to believe that google knows how to write secure code? A lot of their security relies on windows great security,and whatever doesn't rely on windows' security ends up being insecure.

Not all organizations disclose vulnerabilities the same.
The amount of vulnerabilities also does not equal exploits
And not all vulnerabilities are equal.

According to cvedetails in 2012;

Google Chrome = 249 vulnerabilities - 195 (78%) were simple DoS vulnerabilities - 13 (0.05%) were code execution

Mozilla Firefox = 162 vulnerabilities - 69 (43%) were DoS vulnerabilities - 105 (65%) were code execution

Internet Explorer = 23 vulnerabilities - 1 (0.04%) was a DoS vulnerability - 16 (70%) were code execution

http://www.cvedetails.com/prod...-Chrome.html?vendor_id=1224
http://www.cvedetails.com/prod...-Firefox.html?vendor_id=452
http://www.cvedetails.com/prod...rosoft-IE.html?vendor_id=26

Why do you mess with the percentages? Want to give Chrome a good look? Since when is 13 of 249 only 0.05%, same for 1 of 23, that's not 0.04%... Also, if you want to compate Chrome to IE, it's also nice to take Webkit itself to, what adds a lot of vulnerabilities to the count too.

I've been working on computers for years. I'm yet to see someone who has gotten their computer infected using Chrome. Yet I constantly see it happening to people using IE. Toolbars, trojans, spyware...

The fact that Google take responsible disclosure so seriously is a positive in my book. Given how secretive Microsoft and Apple are I'd wager there are plenty of unreported vulnerabilities in their software that they either haven't fixed or fixed without disclosure.

Never had a single infection in 4 years of Chrome usage myself either.

People who use Chrome are more likely to be Computer inclined, this is the reason you see those results. If I gave my Grandma Chrome I'm sure that she could just as easily mess things up as if she were using IE or Firefox.

Google take responsible disclosure seriously? Pull the other one. Google is possibly the single most litigated against company in history. Nobody trusts Google. If you do then you're a first.

Here is Asia Google are heading for the exit rapidly. They're not trusted and they're not wanted. If you like them you can keep them.

Hm,
9776 Vulnerabilities.
86% were in non Microsoft programs. Which implies 14% were from Microsoft programs.
14% of 9776 is 1368 (rounding down)
Suddenly Google's 291 don't look so bad.

MadnessRed said,
Hm,
9776 Vulnerabilities.
86% were in non Microsoft programs. Which implies 14% were from Microsoft programs.
14% of 9776 is 1368 (rounding down)
Suddenly Google's 291 don't look so bad.

Hm, nice false equivalency. Chrome is one application, the Microsoft ecosystem is composed of thousands of executables.

magebleck said,
Yeah. how about comparing apples to apples. Google Chrome vs Internet Explorer.

Chrome: 291 vulns
Internet Explorer: 51 vulns

51? The PDF stated 41.

Nice keyboard, I know it's probably made up in photoshop but does anyone know if a similiar keyboard exists? Looks like one of those aluminium apple keyboards - only - nice.

Ok so wait a minute... Google fixes 291 vulnerabilities in 2012 for their Chrome browser... and it's considered the most vulnerable? Chances are the other browsers have just as many issues that went unfixed or even yet to be discovered. Let's not forget Google pays people to find them also, so that helps increase the amount found/fixed.

Just seems like a bad way to figure out the most vulnerable. Since I bet most of those vulnerabilities have been fixed by Google. Title should be "Google most proactive at fixing vulnerabilities in Browser"

we suck at coding,but we're so good at fixing our screw ups,yaaaaaay we should get rewarded and patted on the back.....NO

as a google or chrome fan,you can be dissatisfied with this news all you want,but there are no facts to back up that others have more vulnerabilities.until something like that happens,chrome takes the crown.

Do I see the same double standards that firefox users had when their browser became exploit central after telling us for years that this could never happen because it was open source and not part of the os... I do!

and as always, fix introduce new vulnerabilities,
just look at Windows NT for example... they need to patched at regular basis,
yet there still vulnerabilities poping out.

John Callaham said,
Um..the report talks about the vulnerabilities that were discovered..not how many were fixed..

Exactly, and if they were found, I'm 99.999% sure Google fixed all of them. They are VERY pro-active about it.

xendrome said,

Exactly, and if they were found, I'm 99.999% sure Google fixed all of them. They are VERY pro-active about it.


Which issues have been fixed is public information afaik. You cannot really be 99% sure until you've actually looked them up, so you should be 0% sure.

Edited by Lamp Post, Mar 18 2013, 1:35pm :

Wait chrome beat out iTunes? That's crazy. That's some serious allegations going on her i'm hoping another expert (so called Internet experts need not apply).

If this turns out to be true it seems most of these chrome users who've been touting chrome's security are in for a surprise.....or most likely it won't be a surprise because they won't believe it.

What's surprisingtto me is that out of 9000+ vulnerabilities chrome Firefox and iTunes account for almost 1000

MS' main security problem was Windows but that has been getting more and more locked down since XP SP2. IE has also been on a good track to, after you take these two out of the list then there really isn't anything else that comes to mind as a major attack target from them.

ShareShiz said
Time to switch to Internet Explorer
Yeah No... I'd rather not use something that crashes after having 10 tabs and slow as s***..

dtourond said,
Yeah No... I'd rather not use something that crashes after having 10 tabs and slow as s***..

Have you time travelled from the 2001/IE6 era to the present time? Because IE10 is nothing like that and is actually good and easily as fast as Chrome for page loading times, and way better with GPU acceleration. Or are you just another sheeple who doesn't know what they're talking about and has just mindlessly joined the Lets Hate IE brigade?

I'd bet the latter.

W32.Backdoor.KillAV.E said
IE10 is nothing like that
I don't know which cloud your head is in, but I'm down here where the reality is, and IE is actually like that. I've helped almost 10 people switch from IE to Chrome and they love it. Most of them like the way it looks and the others love the speed and some of them even love how stable it is (because it doesn't crash as easy as IE).

As for speed: It's nearly as fast as Chrome but as for stability, it clearly still lacks big time.

My laptop that's almost 3 years old can easily handle over 50 tabs in Chrome, while IE would crash on anything more than ~15 tabs.. That's a problem and whether you agree or not, that's one of the reasons why people choose to use other browsers.

W32.Backdoor.KillAV.E said
Or are you just another sheeple who doesn't know what they're talking about and has just mindlessly joined the Lets Hate IE brigade?
I actually know what I'm talking about and I used IE until I found out about Chrome 2 years ago. I still use IE whenever any of my other browsers such as Firefox and/or Chrome are full of tabs, but I've seen IE crash on multiple computers for the same reason, because it couldn't handle lots of tabs.

I choose Chrome because it's better at:
- Running on older hardware
- Stability (ex. Not crashing and being able to load many tabs)

dtourond said,
Yeah No... I'd rather not use something that crashes after having 10 tabs and slow as s***..

time to upgrade that Pentium III

Chrome uses more resources with multiple tabs and horrible on older hardware. Are you still using IE 8 on XP? Time to upgrade your system. This is not a problem nowadays. IE 9/10 never crashes and its fast as Chrome. The only problem with IE is it lacks web standards compared to other browsers.

dtourond said,
I don't know which cloud your head is in, but I'm down here where the reality is, and IE is actually like that.

I've been using IE10 since it went final for windows 7 on a 5 year old core 2 duo PC and haven't encountered a crash yet, and I usually have many tabs opened too.

Hating IE just for the sake of hating it is childish and ignorant.

wingliston said,
Chrome uses more resources with multiple tabs and horrible on older hardware. Are you still using IE 8 on XP? Time to upgrade your system. This is not a problem nowadays. IE 9/10 never crashes and its fast as Chrome. The only problem with IE is it lacks web standards compared to other browsers.

So are you getting IE6/7 mixed up with IE 9/10 MS has been stepping up its game and competes very well with web standards..

dtourond said,
I don't know which cloud your head is in, but I'm down here where the reality is, and IE is actually like that. I've helped almost 10 people switch from IE to Chrome and they love it.

You have helped almost 10 people? What was it 9 and a half who was the half a person or was it a vertically challenged person? Lol

ie10 is hands down way faster and way more secure than any other browser out there, it has been proven time and time again. you have helped 10 people switch from ie10 to chrome and now they are in warp speed on the internet, lol very good for a sunday laugh, I hope someone else switches them back to IE10.

considering that different browser have different sets of vulneabilities,
i prefer to use some obscure browser but compatible to website i visits.

being obscure mean less that know how to exploit it.

also use proxomitron, if you're techie enough.

dtourond said,
I don't know which cloud your head is in, but I'm down here where the reality is, and IE is actually like that. I've helped almost 10 people switch from IE to Chrome and they love it. Most of them like the way it looks and the others love the speed and some of them even love how stable it is (because it doesn't crash as easy as IE).

As for speed: It's nearly as fast as Chrome but as for stability, it clearly still lacks big time.

My laptop that's almost 3 years old can easily handle over 50 tabs in Chrome, while IE would crash on anything more than ~15 tabs.. That's a problem and whether you agree or not, that's one of the reasons why people choose to use other browsers.

I actually know what I'm talking about and I used IE until I found out about Chrome 2 years ago. I still use IE whenever any of my other browsers such as Firefox and/or Chrome are full of tabs, but I've seen IE crash on multiple computers for the same reason, because it couldn't handle lots of tabs.

I choose Chrome because it's better at:
- Running on older hardware
- Stability (ex. Not crashing and being able to load many tabs)


Chrome crashes more than IE10. He's not talking about older IE. He's talking about IE10. Your examples seem to point to older versions.

dtourond said,
I don't know which cloud your head is in, but I'm down here where the reality is, and IE is actually like that. I've helped almost 10 people switch from IE to Chrome and they love it. Most of them like the way it looks and the others love the speed and some of them even love how stable it is (because it doesn't crash as easy as IE).

As for speed: It's nearly as fast as Chrome but as for stability, it clearly still lacks big time.

My laptop that's almost 3 years old can easily handle over 50 tabs in Chrome, while IE would crash on anything more than ~15 tabs.. That's a problem and whether you agree or not, that's one of the reasons why people choose to use other browsers.

I actually know what I'm talking about and I used IE until I found out about Chrome 2 years ago. I still use IE whenever any of my other browsers such as Firefox and/or Chrome are full of tabs, but I've seen IE crash on multiple computers for the same reason, because it couldn't handle lots of tabs.

I choose Chrome because it's better at:
- Running on older hardware
- Stability (ex. Not crashing and being able to load many tabs)

IE only crashes if u dont have a lot of ram. When u open multiple tabs, IE opens a new instance of iexplore.exe which of course uses more ram. Firefox does this too. My system hsd 8gb if ram and I have opened 20 tabs in IE while having several open in firefox and chrome and they all do fine. I tok have had IE freeze up with more than 10 tabs open. U must have morw ram. Also if u have more than 4gigs...drop haing a swap file as I do. The swap cant keep up with how fast ie needs more memory when system ram is used up...even with ssd drives.

wingliston said
Chrome uses more resources with multiple tabs and horrible on older hardware.
Not from my experience. Every time I used Chrome on older hardware, It was positive. IE on the other hand, was a different story.

wingliston said
Are you still using IE 8 on XP?
I don't know if that's a joke, but if it is, it's a pretty poor one.. And no, I'm using Windows 8 Pro and I'm using IE 10.

wingliston said
This is not a problem nowadays.
Actually it still is..

wingliston said
IE 9/10 never crashes and its fast as Chrome.
You're right about the speed, but it still does crash easily.

eddman said
Hating IE just for the sake of hating it is childish and ignorant.
Well the problem with what you said there is that it's false. I don't hate IE "just for the sake of hating it". I hate using it because it's still lacking some important things that a browser should be able to do. These problems that have occurred haven't just occurred on my laptop. It's happened on countless computers over the years. The next time IE crashes I'll take a picture of it and show you.

mattacular said
You have helped almost 10 people? What was it 9 and a half who was the half a person or was it a vertically challenged person? Lol
When I said that I forgot to mention that the ten people were people that I helped recently. That's not counting everyone, I don't keep a list of everyone I've ever helped switch from IE to Chrome but I know for sure that in the past week or so, I helped 10 people.

korupt_one said
.. you have helped 10 people switch from ie10 to chrome and now they are in warp speed on the internet, lol very good for a sunday laugh
I don't see how that would make you laugh, but whatever floats your boat.

korupt_one said
I hope someone else switches them back to IE10.
I wouldn't hold your breath on it

TechieXP said
IE only crashes if u dont have a lot of ram. When u open multiple tabs, IE opens a new instance of iexplore.exe which of course uses more ram.
Do you think that 3GBs of RAM is not enough to run a browser, because with that much ram I can easily run over 50 tabs on Chrome; whereas with IE, it'll crash anywhere after ~15 tabs.

TechieXP said
Firefox does this too. My system hsd 8gb if ram and I have opened 20 tabs in IE while having several open in firefox and chrome and they all do fine.
Yes but when I had IE open, I didn't have any other program open at the time.

dtourond said,
I don't know which cloud your head is in, but I'm down here where the reality is, and IE is actually like that. I've helped almost 10 people switch from IE to Chrome and they love it. Most of them like the way it looks and the others love the speed and some of them even love how stable it is (because it doesn't crash as easy as IE).

As for speed: It's nearly as fast as Chrome but as for stability, it clearly still lacks big time.

My laptop that's almost 3 years old can easily handle over 50 tabs in Chrome, while IE would crash on anything more than ~15 tabs.. That's a problem and whether you agree or not, that's one of the reasons why people choose to use other browsers.

I actually know what I'm talking about and I used IE until I found out about Chrome 2 years ago. I still use IE whenever any of my other browsers such as Firefox and/or Chrome are full of tabs, but I've seen IE crash on multiple computers for the same reason, because it couldn't handle lots of tabs.

I choose Chrome because it's better at:
- Running on older hardware
- Stability (ex. Not crashing and being able to load many tabs)


problem is your laptop and its shiity gfx driver. It can't handle IE's full gpu acceleration.

dtourond said,
Do you think that 3GBs of RAM is not enough to run a browser, because with that much ram I can easily run over 50 tabs on Chrome; whereas with IE, it'll crash anywhere after ~15 tabs.

Yes but when I had IE open, I didn't have any other program open at the time.


How do you know it's the amount of tabs that causes it to crash?

Lamp Post said,

How do you know it's the amount of tabs that causes it to crash?

He doesn't know anything. Probably never even heard about virtual memory.

btw, IE runs just fine on my Core2 duo machine with 3GB DDR2 ****ty ram.

dtourond said,
Yeah No... I'd rather not use something that crashes after having 10 tabs and slow as s***..

I don't even understand what you are referring to. Neither IE, nor Chrome, nor Firefox, nor Safari seem to do this.

dtourond said,
Well the problem with what you said there is that it's false. I don't hate IE "just for the sake of hating it". I hate using it because it's still lacking some important things that a browser should be able to do. These problems that have occurred haven't just occurred on my laptop. It's happened on countless computers over the years. The next time IE crashes I'll take a picture of it and show you.

I don't need a picture and I'm not saying that you're lying. I wanted to point out that a modern browser crashing is the exception, not the rule.

If IE, or any other browser for that matter, does crash often, then you must look for the root cause, not blindly blaming the browser itself.

Usual causes:

Faulty RAM
Buggy video driver
Corrupted OS and/or browser files

Edited by eddman, Mar 18 2013, 9:04am :

eddman said,

I don't need a picture and I'm not saying that you're lying. I wanted to point out that a modern browser crashing is the exception, not the rule.

If IE, or any other browser for that matter, does crash often, then you must look for the root cause, not blindly blaming the browser itself.

Usual causes:

Faulty RAM
Buggy video driver
Corrupted OS and/or browser files


Very true. A real-life example is Firefox, which can crash quite often and randomly if you have an AMD graphics card and use hardware acceleration.

Lamp Post said,

Very true. A real-life example is Firefox, which can crash quite often and randomly if you have an AMD graphics card and use hardware acceleration.

Same goes for IE except older intel built-in cards.

Crimson Rain said
problem is your laptop and its shiity gfx driver. It can't handle IE's full gpu acceleration.
I'm pretty sure that it's not my laptop. And even if it was, how come Chrome works just fine then..

Lamp Post said
How do you know it's the amount of tabs that causes it to crash?
Because the minute I open another one, the whole thing freezes, then the "Internet Explorer is not responding" error pops up, and then it closes and opens up again.

Crimson Rain said
He doesn't know anything. Probably never even heard about virtual memory.
Actually I know a lot more than you think.

Northgrove said
I don't even understand what you are referring to. Neither IE, nor Chrome, nor Firefox, nor Safari seem to do this.
IE does..

eddman said
If IE, or any other browser for that matter, does crash often, then you must look for the root cause, not blindly blaming the browser itself.
I'm not blindly blaming the browser..

eddman said
Faulty RAM
Tested the RAM already. Everything's good.
eddman said
Buggy video driver
My video drivers are all good.
eddman said
Corrupted OS and/or browser files
IE's crashed on Windows 7 and 8 so I highly doubt that two OS's both have corrupted files even though it works perfectly fine. I'm sure if there were corrupted files in either the OS or the browser, I would know by now.

dtourond said,
I'm pretty sure that it's not my laptop. And even if it was, how come Chrome works just fine then..

Because chrome does not hw accel to the level IE does and that's where the older cards fail.

Crimson Rain said
Because chrome does not hw accel to the level IE does and that's where the older cards fail.
Well I'm pretty sure it has nothing to do with my laptop. If Chrome can work, so should IE.

dtourond said,
Well I'm pretty sure it has nothing to do with my laptop. If Chrome can work, so should IE.

Yes, if minesweeper can run on a computer, Crysis 3 should run on it too. Nice logic.

Crimson Rain said
Yes, if minesweeper can run on a computer, Crysis 3 should run on it too. Nice logic.
Whatever the problem may be, I want what works, and Chrome works.

Well, I'm going by all of my experiences with it over the years, and every time I've used IE to do the things I wanted to do, it was never good.

eddman said
If the browser was the problem, it would've crashed for everyone all the time, but it doesn't.
Well luckily for you, that hasn't happend. But I've yet to see anyone be able to use IE with a lot of tabs and have it not crash on them.

If you click an iTunes related url won't it launch iTunes on the user's PC? As a result, couldn't a specially crafted url lead to exploiting iTunes?

Enron said
I'm surprised iTunes is so high. How do you exploit a vulnerability in iTunes?
Wasn't there a bug in iTunes a couple months back relating to porn.. It was in another country, that much I remember.

There are many ways the most common is intercepting and manipulating the packets and letting iTunes actually initiate the malware because it has already gained the privileges to do so.

jakem1 said,
Not surprising.

At least explain why you don't think so. Google doesn't have a particularly poor track record in security, and have a reward program for people who submit security patches. I think this was among the most surprising browsers to lead in a study like this.

onionjuice said,

I think Internet Explorer was taken off the list because it was a huge outlier.


IE is #9 with 41 vulnerabilities. So, it wasn't "taken off the list" and wasn't a huge outlier.