The browser market is a fiercely competitive arena dominated by three big players: Microsoft, Google and Mozilla. Yes, there are other browsers out there like Safari and Opera, but for the most part, Internet Explorer, Chrome and Firefox are the household names that most consumers know.
While the browsers are free, there is a lot of money on the line too. Why? Well, when a user installs a browser, the default search engine on that browser is the path to revenue for these companies. For example, Firefox sells the rights to Google to make it the default search browser for around $300 million a year. The reason Google does this is that it will earn all of that back, and likely a lot more, as Firefox users search through Google, allowing the company to share its advertisements with a wider audience.
According to a new security report out by Bromium, Internet Explorer was the most vulnerable web browser in the first half of 2014. The firm states that IE was the most patched and most exploited product in the first half of 2014, surpassing Java and Flash.
The chart above shows the trending of vulnerabilities; the blue bars represents vulnerabilities in 2013 and those in red are for 2014. As you can see, Internet Explorers vulnerabilities increased in 2014, when compared to 2013, and the number is quite high compared to the other products that were reviewed. More importantly, the blue bars are for all vulnerabilities in the whole of 2013, so this means that in the first half of 2014, there have been more reported vulnerabilities in IE than during the entire previous year.
The report focused on highly used consumer products, which explains why there are non-browser applications in the report. It is worth pointing out that Office remains a secure application, which will likely appease the enterprise who uses this product heavily.
Why is Internet Explorer on the top of the list? The answer is likely attributed to the fact that IE still holds a significant chunk of the browser market share and that the legacy versions of Internet Explorer, such as IE6, are still prevalent enough on the remaining unpatched Windows XP machines, that targeting them is a lucrative opportunity.
No matter the product that you use to browse the web, common sense is still the best security mechanism. If a website asks you to install a new add-on or download a file, unless you specifically clicked a link to download an application, leave that webpage and do not install the files.
Source: Bromium Security Report (PDF)