Google Chrome least secure!

Google Chrome cited tops 'Dirty Dozen' vulnerable apps list

Back to IE 6!

 

The No. 2 spot is held by Apple's Safari browser at 60 reported vulnerabilities while Microsoft Office was No. 3 with 57.

4. Adobe Acrobat -- 54

5. Mozilla Firefox -- 51

6. Sun JDK -- 36

7. Adobe Shockwave Player -- 35

8. Microsoft Internet Explorer -- 32

9. RealNetworks RealPlayer -- 14

10. Apple Webkit -- 9

11. Adobe Flash Player -- 8

12. Apple Quicktime and the Opera Web browser (tied) -- 6

 

Not surprised that firefox is above IE again this year, now that it's becoming a popular browser people realize how truly insecure it is. I'm pretty sure most of it's "security" was through obscurity, a.k.a., it's previous unpopularity. Does anyone use firefox today without bundling it with extensions like NoScript just to feel secure?

Also I'm sure the reason Chrome has so many is partly contibuted by the fact it's new and immature compared to IE8 which has gone through extensive patching to become as safe as it is today. I bet Chrome's vulnerability list will drop in time like IE8.

New hardware/software usually has teething problems.

 

Well, I can assure you that, with me, Chromium (Not Google Chrome) is the most secure browser I've been running; no malware can get in, and I'm not running it sandboxed using stuff like Sandboxie.

Anyways, I guess that those same users, that in the past, moved to Firefox, will be moving back to IE again. lol

 

Are you serious?

This numbers don't rank how secure an application is!
Extreme example: What's better, a single highly critical vulnerability in the wild unpatched for some months or 10 minor vulns all privately reported and promptly fixed by the vendor?

You should really go by real world exploits in the wild. Unsurprisingly IE 6 got the top rank there, top as in most attacked. Firefox and newer IE7/8 follow while Chrome hasn't seen any exploit in the wild afaik, certainly none that circumvented the Sandbox. Some of course target cross browser plugins like flash and java.

Full disclosure: NoScript user

 

I'm fairly confident he was being sarcastic. I don't think anyone in the right mind would consider IE under version 8. I would never consider IE under version 9... Not because IE8 is an insecure browser like IE6, but because IE8 is simply a terrible (to use) browser when compared to IE9/Chrome.

 

That is correct!

Actually, I'm still using Chrome because I believe that most, if not all, of the vulnerabilities were patched by Google's team or their paid white hackers before they were exploited in the wild.

The OP was to get people's comments and learn something more.

 

Yeah good old, but not out IE6

 

It could be worse.

 

I'm liking your minimalistic IE6

 

It reminds me a bit of K-Meleon's 'Klassic' skin.

 

So, the article says: Google Chrome is the most vulnerable because it has the most security flaws discovered. That's just bollocks the size of Jupiter. And I absolutely despise any article that equates security to the number of vulnerabilities. Utter garbage.

In that regard:

Argetinian army, navy and air force had more troops than UK in Falklands War. They were supposed to win! Right? Did they? Nope. The French had ten times more troops than British at Agincourt. And who won there? How about you Google Henry V speech, eh?

What if all of Google vulnerabilities were local? How do 100 local vulnerabilities scale to one remote one? They don't. But apparently everyone is a journalist, even if everyone is not a scientist or even a skilled Excel operator.

What about the severity, known and unknown exploits, time to patch, and a million other factors? Ah, too difficult to think when all you do is fear mongering.

The only thing the number of vulnerabilities tell is: the number of entries in a database.

Bollocks the size of Jupiter. No other term.

Cheers,
Mrk

 

LOL


In Dublin's fair city,
where the girls are so pretty,
I first set my eyes on sweet Molly Malware,
As she wheeled her wheel-barrow,
Through streets broad and narrow,
Crying, "Entries of Exploits, alive, alive, rare!"
"Alive, alive, rare,
Alive, alive, rare",
Crying "Entries of Exploits, alive, alive, rare".
She was a fearmonger,
But sure 'twas no wonder,
For so were her father and mother before,
And they each wheeled their barrow,
Through streets broad and narrow,
Crying, "Entries of Exploits, alive, alive, rare!"
(chorus)
She died of posting fever,
And no one could save her,
And that was the end of sweet Molly Malware.
Now her ghost wheels her barrow,
Through streets broad and narrow,
Crying, "Entries of Exploits, alive, alive,rare "

 

Hmm...it seems strange that in the annual browser hacking contest Pwn2Own, Chrome is the only browser on test that is not compromised by hackers.

http://www.downloadsquad.com/2010/03/25/pwn2own-2010-google-chrome-is-the-last-man-standing/

I very much like the new embedded pdf view in Chrome as well. It is not only faster to read pdf's, but any exploits need to escape from the Chrome sandbox - not a simple task.

 

I am not a Google Chrome user but to say that it is the least secure is a clear deception.

 

Mrkvonic post says it all

 

What's the original one (sounds an interesting lyric)? Or, were you just inspired?

 

Here you go.

http://www.youtube.com/watch?v=vdxLxnhGnvo

 

Ronjor, I especially liked:

As truer words have not been spoken.

 

And a special award goes to MS for not pushing stronger defenses which are already available like EMET and MIC (not to mention LUA/SUA). They'd block or mitigate like 99% of the Adobe exploits.
They are finally getting the message, thanks to a lot of bashing online I'm sure
http://blogs.adobe.com/asset/2010/07/introducing-adobe-reader-protected-mode.html

 

Very good article. I hope that elapsed read it, too.

 

Are you blind to my response directly after his or do you have some kind of problem? Feel free to PM me.

 

No, I'm not blind, I just wasn't precise enough. What I meant: I hope that you thoughtfully read that article. I was referring to your remark in post #3 above where you complained about Firefox "... how truly insecure it is". This kind of sweeping accusation belongs exactly to that category of "analysis" critisized by Brian Krebs - and rightly so.

 

It's not a sweeping accusation, it's a precise one that people are finally realizing. I mean seriously, how many Firefox users DON'T use NoScript or recommend it? Feel free to do the research, as I won't do it for you.

Someone mentioned it's also about the time it takes to patch, did you know that after 10 years (first reported in 2000) Firefox still provides no way to escape javascript "trap" websites used by nearly all malware sites? You have to forcefully ctrl+alt+del. All other browsers offer a "cancel this script" button for you to navigate away.

Next time, try being a bit more mature about calling out peoples nicknames directly on a public forum, just because your favourite browser got bashed. It motivates me in no way to have a debate with you.