

By Darren Pauli, 26th March 2015 02:28

Chrome trumps all comers in reported vulnerabilities

Beats Solaris, flattens Gentoo

More vulnerabilities were discovered in Google Chrome last year than any other piece of core internet software – that's according to research that also found 2014 clocked record numbers of zero-day flaws.

The Secunia Vulnerability Review 2015 report [PDF] is built on data harvested by the company's Personal Software Inspector tool residing on "millions" of customer end points, each with an average of 76 installed applications.

It said the Chocolate Factory's web surfer had more reported vulnerabilities than Oracle Solaris, Gentoo Linux, and Microsoft Internet Explorer, which rounded out the top four among the analysed core products.

(Obviously, it's in Secunia's interests, as a security tool maker, to talk up holes in applications; Google's engineers would like you to know that the reported bugs are patched, or not even exploitable in the first place, and counting vulnerabilities is misleading.)

Chrome leads the browser pack with 504 reported vulnerabilities followed by Internet Explorer with 289 and Firefox with 171. Some 1035 flaws were reported across all browsers including Opera and Safari, up from 728 in 2013.

Secunia says Mozilla clocked the highest number of unpatched users, followed by Chrome and Internet Explorer, although this could be because installed secondary browsers were often unused.

The report further reveals vulnerabilities increased 49 percent from 728 to 1035 by the end of 2014, with unpatched zero-day flaws rising from 14 to 25.

Total vulnerabilities reached 15,435 relating to 3870 applications from 500 vendors. That is an increase of 18 percent over the reporting period and 55 percent since 2009. Of those, 1698 (11 percent) are deemed highly critical and 43 (0.3 percent) are extremely critical.

More than half of Foxit PDF users did not apply patches, compared to 32 percent of users of the utterly dominant Adobe Reader. The Flash factory produced 43 vulnerabilities that year compared to a mere two for Foxit.

Some 83 percent of vendors patched their wares before vulnerabilities were publicly disclosed compared to half in 2009.

The report finds remote network attacks are more common (60 percent) than local vectors (33.4 percent). ®
