I would rather have a browser with the most security flaws found and patched than the least security flaws found and NOT patched (because if a lot were found, that does not mean less secure; it means they are probably more secure because a lot of flaws were found, and if there are fewer found or not as many, that means there are probably more security flaws like zero days not found. There will always be zero days, but I mean more undetected, unlike Chrome, where most of them are detected). It means Google is paying attention and their tactics are working, like the vulnerability rewards program, and they patch all Chrome and Chrome OS security flaws in under two days.
Same old game, making numbers say what you want them to. There's probably dozens of ways to interpret those figures, which is exactly what you'd end up with, interpretations based on assumptions that mean nothing.
The report was put out by Secunia using their "Personal Software Inspector". One could question the method(s) used and the accuracy of the numbers.
It ranks up there with AV comparisons. Depending on the sample set you choose, they can all be made to look good, or very bad.
I also wondered when NSS Labs was testing different browsers' security. (Microsoft sponsored) Internet Explorer managed to come out on top for what they were testing. Don't know about their current testing though.
Not to mention only one bug exploited in Chrome at the 2015 Pwn2Own contest: https://threatpost.com/all-major-browsers-fall-at-pwn2own-day-2/111731 ...and a difficult one to exploit at that:
Yeah, I agree, and I was saying that I would rather have a browser with more patches than less. By far Chrome is patched the fastest and has the most patches. Thanks, Malwar
...and if they had made this claim about IE everyone would be agreeing with it. I don't care in any case. All browsers have issues but these threads are fun to watch.
While I don't disagree about the number of vulnerabilities found, I'd be more interested in the far more important rate of difficulty exploiting a browser, and the Pwn2Own contest unquestionably gives compelling evidence that the number of vulnerabilities in a browser is not a barometer of how easily it's exploited. It could be taken a big step further by testing browsers on different O/S's.
Thank you, I am 17 and love security, and I really want to work at Google one day for their Project Zero team, and before that maybe hack all major browsers on all major OS's including Chrome OS, all full bypasses of course, at competitions like Pwn2Own and Pwnium, so I am learning to code etc., and like I said, that means a lot. Thanks, Malwar
That test was legit because it was not about sandboxing / exploit protection but rather about testing a browser's protection against tricking users with social engineering to download and execute malware on their own. SmartScreen is very good against that.