Google Chrome is the most vulnerable browser in 2022

Posted in General Discussion, edited October 5
New data reveals that Google Chrome users need to be careful when browsing the web, but Safari users don't get off scot-free.

Google Chrome icon

According to a report by Atlas VPN on Wednesday, Google Chrome is the most vulnerable browser on the market. So far in 2022, the browser has had 303 vulnerabilities, bringing its cumulative total to 3,159.

These figures are based on data from the VulDB vulnerability database, covering January 1, 2022 to October 5, 2022.

Web browser vulnerabilities from Atlas VPN

Google Chrome is the only browser with new vulnerabilities in the first five days of October. Recent ones include CVE-2022-3318, CVE-2022-3314, CVE-2022-3311, CVE-2022-3309, and CVE-2022-3307.

The CVE program tracks security flaws and vulnerabilities across multiple platforms. The database doesn't list details for these flaws yet, but Atlas VPN says they can lead to memory corruption on a computer.

Users can fix these by updating to Google Chrome version 106.0.5249.61.

Mozilla's Firefox browser is in second place for vulnerabilities, with 117 of them. Microsoft Edge had 103 vulnerabilities as of October 5, 61% more than the entire year of 2021. Overall, it has had 806 vulnerabilities since its release.

Next is Safari, which has some of the lowest levels of vulnerabilities. For example, in the first three quarters of 2022, it had 26 vulnerabilities, and its cumulative total is 1,139 vulnerabilities since its release.

Meanwhile, the Opera browser had no documented vulnerabilities so far in 2022 and only 344 total vulnerabilities.

Google Chrome, Microsoft Edge, and Opera all share the Chromium browser engine. Vulnerabilities in Chromium may affect all three browsers.

The Chromium open-source project generates the source code used by all Chromium-based browsers. Not all flaws will affect all of these browsers because each company creates their browsers in different ways.

As of May 2022, Safari reached over a billion users, and Apple has been working hard to make sure its browser is secure and safe to use.

To stay safe on the web, people should keep their browsers updated to the latest version. Be careful when downloading plug-ins and extensions, especially from lesser-known sources or developers.


Comments

  • Reply 1 of 9
    This is an absurd interpretation of the data. Having the most vulnerabilities listed in a database does not make Google Chrome "the most vulnerable".  Is Opera the most secure due to its lack of reported vulnerabilities? 

    Google has the most listed because it's by far the most popular browser and its vulnerabilities are worth quite a bit (both by reporting them to Google for a bounty and on shady blackhat markets). Google also has a much more transparent vulnerability reporting process. Vulns reported to them privately usually still get listed, but Safari vulns reported privately to Apple generally do not unless the security researcher does it themselves. Also, the vast majority of these vulnerabilities do not bypass the multiple layers of sandboxing employed. This is true for Safari, Chrome, Firefox, etc. So alone, most of these vulnerabilities can't be used to exploit someone.

    All that said, I do think Safari's security is likely superior to Chrome's but not because it has fewer vulnerabilities listed. Safari lags behind Chrome significantly in implementing new more powerful web APIs and this greatly reduces the attack surface area.
  • Reply 2 of 9
    danox Posts: 1,348 member
    Will never use Chrome and Apple not using Google web APIs is fine with me.
  • Reply 3 of 9
    Madbum Posts: 313 member
    But communists like the EU and some people in our justice department want Apple to open everything up to Google….

    Enough
  • Reply 4 of 9
    This is an absurd interpretation of the data. Having the most vulnerabilities listed in a database does not make Google Chrome "the most vulnerable".  Is Opera the most secure due to its lack of reported vulnerabilities? 

    Google has the most listed because it's by far the most popular browser and its vulnerabilities are worth quite a bit (both by reporting them to Google for a bounty and on shady blackhat markets). Google also has a much more transparent vulnerability reporting process. Vulns reported to them privately usually still get listed, but Safari vulns reported privately to Apple generally do not unless the security researcher does it themselves. Also, the vast majority of these vulnerabilities do not bypass the multiple layers of sandboxing employed. This is true for Safari, Chrome, Firefox, etc. So alone, most of these vulnerabilities can't be used to exploit someone.

    All that said, I do think Safari's security is likely superior to Chrome's but not because it has fewer vulnerabilities listed. Safari lags behind Chrome significantly in implementing new more powerful web APIs and this greatly reduces the attack surface area.
    This is absolutely correct and the article is horrible reporting made to create fear and stoke animosity toward Google's Chrome. Now, if the article had stated that the numerous vulnerabilities have not been patched, that would be bad. But, it says the exact opposite where it states, "Users can fix these by updating to Google Chrome version 106.0.5249.61." That means the vulnerabilities are only vulnerabilities if you're not updating the browser. Well, yeah, that's true of every piece of software that touches the web, including the operating system. Duh. If you don't keep it updated you're going to be vulnerable.

    The number of vulnerabilities getting CVEs is a good thing, not a bad thing. It means that the code is being actively policed and updated. That's not a bad thing and means Chrome is actually safer, not less secure. As varenhizzle comments, Google is transparent about its bugs while Apple seems to sweep them under the rug or tell people about them months later while exploits get actively used to harm users that could be taking mitigating steps before a patch to keep themselves secure.

    This is a terrible article that certainly shows a lack of understanding of how software security works well and the CVE system protects users, or it's a malicious article intended to cast Chrome as a boogeyman with dubious premises. I'd be careful if I were the editorial staff here publishing stories like this. It could see their publication end up in court for libel.

    I am a long time Mac user (and system administrator) that also uses Chrome in my job as a web developer. I've never had a problem with it as a browser as far as security. A couple of extensions used to block ads and other potential malicious things and you're all good. That's provided you also surf in a sane manner and keep your browser (and other internet tools and OS) up to date, but that should be the norm in 2022. Anyone not doing that is being reckless and irresponsible to their own detriment.
  • Reply 5 of 9
    Weird data. On every hackathon Safari usually falls on the first day in hours, with multiple exploits. I'm guessing a lot of the exploits are not known and being kept unknown. Google actively scans software through Project Zero, and a lot of Safari vulnerabilities come from Google's efforts. I'm wondering what would happen if Apple had a team like that. It would massively improve OSX's (and Safari's) mediocre security.
  • Reply 6 of 9
    Paul_B Posts: 82 member
    Has anyone heard of this application called Firefox by the Mozilla group which does not make money or compete with any company - and did I mention it's Open Source.  And the best browser by FAR.  They were once called Netscape - the creators of HTML.  Alphabet or Google whatever they want to call themselves is a governmental entity.
  • Reply 7 of 9
    Personally I've stopped using Chromium browsers altogether, I'm content with Firefox now.
  • Reply 8 of 9
    Paul_B said:
    Has anyone heard of this application called Firefox by the Mozilla group which does not make money or compete with any company - and did I mention it's Open Source.  And the best browser by FAR.  They were once called Netscape - the creators of HTML.  Alphabet or Google whatever they want to call themselves is a governmental entity.
    HTML was created by Tim Berners-Lee while working at CERN. Netscape was founded after that event. They did, however, invent the first successful web browser which they internally called "Mosaic killer."

    Mozilla is now struggling to compete against Google, MS and Apple in the browser wars. If Firefox was so clearly superior I doubt that would be the case.
  • Reply 9 of 9
    davidw Posts: 1,691 member
    Paul_B said:
    Has anyone heard of this application called Firefox by the Mozilla group which does not make money or compete with any company - and did I mention it's Open Source.  And the best browser by FAR.  They were once called Netscape - the creators of HTML.  Alphabet or Google whatever they want to call themselves is a governmental entity.
    I guess you haven't heard yet that Firefox does make money. Maybe not a lot by Chrome and Safari standards, but they do make enough money to stay in business, at least until the end of 2023. Hopefully Google will at least be as generous with their next contract with Firefox, so as to keep Firefox in business for another 3 years, after 2023.

    https://www.androidheadlines.com/2020/08/mozilla-firefox-google-search