Editor's Note: We've updated this story with comment from Google.
Are you a big fan of Google Chrome? You might want to rethink that loyalty, because it turns out Google’s browser has a lot of vulnerabilities. A new report claims that Google’s browser is currently the most vulnerable one on the market — with 303 individual security flaws and a cumulative total of 3,159.
This report comes from Atlas VPN (via Apple Insider (opens in new tab)), using data from the VuIDB vulnerability database, and covers the periods of January 1 to October 5 of 2022. But not only does the data claim Google has the most vulnerabilities, both currently and of cumulatively, it’s also the only major browser with vulnerabilities that were discovered in October 2022.
Mozilla Firefox has reportedly picked up 117 vulnerabilities so far, for an all-time total of 2,361, while 103 have been discovered in Microsoft Edge. While Edge’s vulnerability count is low, it’s also noted as being 61% higher than 2021. The browser has also only had 806 documented vulnerabilities since it was released.
Meanwhile, Apple’s Safari browser has 26 documented vulnerabilities this year, with an all-time total of 1,139 — which was noted as “some of the lowest vulnerability in years.” That said Opera has logged in zero vulnerabilities so far this year, with only 344 total documented issues.
It’s not clear whether this is because Opera is more secure than its rivals, or if its popularity is so small nobody’s looking for issues. According to StatCounter (opens in new tab), Opera had 2.25% of the browser market share in September 2022. That’s even less than Samsung Internet, which had 2.75% in the same period.
After this story was initially published, Google reached out with the following comment:
"Measuring a browser's security based on vulnerabilities fixed in a given year isn't a very useful metric. This is working as intended, as we continue to invest in fixing more issues every year so we keep our users safe. If a piece of software isn't receiving regular security patches, that typically indicates a lack of investment in security, not the opposite."
It’s worth mentioning that Chrome, Edge and Opera are all Chromium-based browsers, and would presumably share some of the same issues. That makes Opera’s zero vulnerability count all the more suspicious.
In a series of posts (opens in new tab) on Twitter, VP/GM of Chrome at Google, Parisa Tabriz provided further insight on the matter, saying:
"How can other browsers that depend on chromium have 0 vulns? They either have no additional bugs in their non-chromium code, or aren't issuing CVEs for them..."
Apple certainly does deserve some praise for the state of Safari’s security. The browser hit over a billion users back in May (opens in new tab), and StatCounter currently logs it as controlling 18.6% of the browser market — almost double the combined forces of Edge, Firefox and Opera.
While Apple’s low vulnerability count could make Google’s look pretty poor by comparison, keep in mind that the whole point of finding vulnerabilities and patching them is designed to make software more secure. However, if you are concerned about the high number of vulnerabilities recently found in Chrome, it may finally be time to pull the trigger and give a different browser a try.
Just be aware that these counts are not a definitive list. They rely on people actually looking for, and finding vulnerabilities in the first place and don’t include any security flaws that are hiding away. At the same time, if Chrome wasn't so popular, security researchers wouldn't be combing over the browser looking for vulnerabilities in the first place. No matter which browser you use, it’s important to make a habit of keeping it updated; that way problems can be fixed when they’re found.
Next: Leaked company memo reveals Facebook is struggling to make its own employees love the Metaverse. And, it's a great time to be a PC gamer as a Nvidia RTX 4090 leak points at killer performance and plenty of stock.
safari, yeah, that apple no longer even builds for windows anymore
forces google to use the safari webkit to be able to be in the iOS app store
That's some pretty inventive marketing right there.