Bombarded Browsers: More Flaws, But Quicker Fixes
12:00 PM EST Tue. Mar. 19, 2013
Vulnerabilities discovered in the most popular browsers increased in 2012. Coding errors in Google Chrome, Mozilla Firefox, Microsoft Internet Explorer, Opera Software's Opera and Apple Safari increased 17 percent from 2011 to 2012, according to Danish vulnerability clearinghouse Secunia, which issued its analysis last week. The firm said 739 vulnerabilities were discovered last year but noted that patches were quickly made available. Secunia said 84 percent of all vulnerabilities in 2012 were patched the day they were disclosed, a 12 percent increase over 2011.
Web browsers and their components are frequently targeted by attackers. Testing conducted by independent testing firm NSS Labs found that browsers offer the largest attack surface to cybercriminals. The firm said its testing found a significant variance in the ability to block malware, however. Microsoft uses a SmartScreen cloud-based URL reputation service for protection. Google uses its Safe Browsing API and malicious download technology in Chrome. Meanwhile, Mozilla also uses the Google Safe Browsing API for protection.
Microsoft's Internet Explorer ranked as the second-most-deployed application at the end point, according to Secunia. Microsoft issued 10 advisories for IE in 2012, repairing approximately 41 vulnerabilities, Secunia found. Internet Explorer maintained a malware block rate of 95 percent in a test of IE 9 conducted by NSS Labs in 2012. The firm found that IE also blocked 96 percent of click fraud attempts.
Mozilla ranked 15th on Secunia's list of top 50 applications at the end point. In 2012, Mozilla issued 21 advisories, addressing 257 vulnerabilities in Firefox. The malware block rate in Firefox remained below 6 percent, according to NSS Labs' 2012 analysis. The firm found that Firefox also blocked 0.8 percent of click fraud attempts.
Google Chrome ranked 21st on Secunia's list of top 50 applications at the end point. The company issued 28 advisories in 2012, repairing 291 vulnerabilities, Secunia said. Google repairs flaws quickly using an automated update mechanism and employs a silent update feature that can download a security update in the background while the browser is being used. The update is applied when the browser is closed and reopened by the end user. Chrome's malware block rate varied from 13 percent to just more than 74 percent, according to testing by NSS Labs in 2012. The testing firm found Chrome also blocked only 1.6 percent of click fraud attempts.