dagger01

varenhizzles said:

This is an absurd interpretation of the data. Having the most vulnerabilities listed in a database does not make Google Chrome "the most vulnerable".  Is Opera the most secure due to its lack of reported vulnerabilities? 

Google has the most listed because it's by far the most popular browser and its vulnerabilities are worth quite a bit. (both by reporting them to Google for a bounty and on shady blackhat markets). Google also has a much more transparent vulnerability reporting process. Vulns reported to them privately usually still get listed but Safari vulns reported privately to Apple generally due not unless the security researcher does it themselves.  Also the vast majority of these vulnerabilities do not bypass the multiple layers of sandboxing employed. This is true for both Safari, Chrome, Firefox, etc.  So alone most of the these vulnerabilities can't be used to exploit someone.

All that said, I do think Safari's security is likely superior to Chrome's but not because it has fewer vulnerabilities listed. Safari lags behind Chrome significantly in implementing new more powerful web APIs and this greatly reduces the attack surface area.

This is absolutely correct and the article is horrible reporting made to create fear and stoke animosity toward Google's Chrome. Now, if the article had stated that the numerous vulnerabilities have not been patched, that would be bad. But, it says the exact opposite where it states, "

Users can fix these by updating to Google Chrome version 106.0.5249.61." That means the vulnerabilities are only vulnerabilities if you're not updating the browser. Well, yeah, that's true of every piece of software that touches the web, including the operating system. Duh. If you don't keep it updated you're going to be vulnerable.

The number of vulnerabilities getting CVEs is a good thing, not a bad thing. It means that the code is being actively policed and updated. That's not a bad thing and means Chrome is actually safer, not less secure. As varenhizzle comments, Google is transparent about its bugs while Apple seems to sweep them under the rug or tell people about them months later while exploits get actively used to harm users that could be taking mitigating steps before a patch to keep themselves secure.

This is a terrible article that certainly shows a lack of understanding of how software security works well and the CVE system protects users, or it's a malicious article intended to cast Chrome as a boogeyman with dubious premises. I'd be careful if I were the editorial staff here publishing stories like this. It could see their publication end up in court for libel.

I am a long time Mac user (and system administrator) that also uses Chrome in my job as a web developer. I've never had a problem with it as a browser as far as security. A couple of extensions used to block ads and other potential malicious things and you're all good. That's provided you also surf in a sane manner and keep your browser (and other internet tools and OS) up to date, but that should be the norm in 2022. Anyone not doing that is being reckless and irresponsible to their own detriment.