We’ve talked at length about Chrome being the “unhackable” browser, about its speed and we’ve lauded our use of it here at TNW. However, a new report from security vendor Bit9 might just make us take pause.
The report, detailed via NetworkWorld, shows Chrome topping its annual list of vulnerable apps with a total of 76 reported vulnerabilities. Among these, Bit9 claims to find buffer overflow and site scripting vulnerabilities which could open a host computer to attack. It’s worth bearing in mind, though, that the webkit-based Safari comes in at the number two slot, with 60 vulnerabilities of its own.
What is not discussed, interestingly, is which version of Chrome was tested by Bit9. With the rocket-fast release schedule under which Chrome operates, something that was tested only a week ago could be nearly obsolete by now. Bit9 even confirms this, stating in its release:
In most cases, vendors on the list have issued patches to repair identified vulnerabilities.
While the information is certainly enough to make you stop and think for a moment, the end result is really up to each user. At this point, even though we’re excited about the Firefox 4 release, there simply isn’t a browser on the market that can compete with Chrome from what we’ve seen. Even the newly-released Opera, with all of its flash and sparkle, fails to compare in real-world use.
Maybe it’s time for the resurgence of Internet Explorer?
As for the rest of the list? Not a lot of surprises, really:
- Microsoft Office (57)
- Adobe Reader and Acrobat (54)
- Mozilla Firefox (51)
- Sun Java Development Kit (36)
- Adobe Shockwave Player (35)
- Microsoft Internet Explorer (32)
- RealNetworks RealPlayer (14)
- Apple WebKit (9)
- Adobe Flash Player (8)
- Apple QuickTime (6) and Opera (6) – TIE
Given how many exploits that we hear of when it comes to Java, unpatched installations of Microsoft Office, hacked Firefox users and Adobe Flash issues, it’s a list that you likely could have sat down and made yourself. Granted that the order might have been different, but the names are still the same.