20 comments

[ 2.7 ms ] story [ 44.0 ms ] thread
The article bases this on that they had the greatest number of security updates in the previous year - when the app was basically a beta.

This leaves aside the question of what is more secure - an app where you get security fixes every day - or one where the makers deny there are any faults.

Fortunately Chrome is a dynamo at updating itself. It's generally invisible to the user.
So the most vulnerable apps are the ones everybody uses. Huh. Who'da thunk.
What do you mean, exactly? Chrome + Safari don't crest 10% of web share.
Network World is owned by International Data Corp (aka IDC, IDG) and this[1] blog author seems to think that they are the puppet of Microsoft. While I certainly cannot make an argument one way or another, this raises the question of how valid this report is.

I couldn't believe when I read this article that in related content, the top item was "IE9 tops Chrome, Firefox in HTML5 Compatibility"[2]. That's what made me research if there was any connection between Network World and Microsoft.

[1] http://techrights.org/2010/06/11/idc-idg-and-propaganda/

[2] http://cl.ly/3A0q1F2o44000u1O2P3l

Not to mention that Safari and WebKit are specified as two different, ranking products on this list.
Aren't they different?

The fact that they use roughly the same engine doesn't count for very much. It's the implementation that matters.

Safari consumes WebKit (as does chrome). They are not merely "roughly the same engine", one uses the other.
And, since Webkit is a development branch, it’s extremely unfair for it to be used as a “target” in this sense. It’s going to have tons of security fixes, because it’s bleeding edge code.
Yes, it's the same engine but only in that they came from the same source. Even in the cases where they were exactly the same unpatched source from upstream, they wouldn't really be the same. E.g I can trivially freeze midori which uses webkit, I can do it to many others. If Midori or any of the others had security bugs, it doesn't mean that Chrome would have it as well therefore they can't be classed as the same.
I'd like to know, how many of that 76 vulnerabilities were able to escape chrome sandbox?
also... How many of those vuln. were actually found in the wild?.. How many days were the flaws open?..

This is a very-very weird article.

Wouldn't it be more appropriate to order the list by the number of distinct successful exploits of an app's vulnerabilities? In that case, unless I am mistaken, Chrome would be at zero.
I think this list is more likely a measure of the apps with the most security testing performed on them if it isn't an outright falsification altogether.
"Google Chrome in the No.1 spot with 76 reported vulnerabilities"

Reported by Google's bug tracker and security team, if the random sampling of vulnerabilities I looked at are any indication.

Seems like the secret to "winning" this list is to just hide everything in-house. I wonder what the list would look like if Microsoft's bug trackers were public viewing.

I'm not sure what the first paragraph in the article states. The part I'm having trouble with is: most discovered software flaws requiring security updates and notifications. Does that mean that Google Chrome fixed the most bugs, or were the most bugs found in Google Chrome?

If it was the former, Google is being shown in a positive light and they don't have any sort of "dubious distinction", and if it was the latter, then Google has an explanation for that. Lots of bugs are found in Chrome since Google pays developers a lot of money to find bugs in Chrome (not really sure about the others).

From the same site: http://www.networkworld.com/news/2010/110110-google-offers-b...

I'm shocked, shocked to see open source Chrome and Firefox closer to the top, while closed source IE and Opera are closer to bottom.
oh no, articles like this are so misleading, Google Chrome tops the list as the most security enhanced patched browser -- not the most vulnerable. This probably has everything to do with the bounty that Google has offered and the fact that Chrome is heavily being worked on. To say Google Chrome is the most vulnerable browser is a huge lie, name just one exploit that you can use on the browser right now. If I were Google I'd sue for slander!
This is complete and utter crap when it comes to statistics.

Does most number of bugs reported mean anything? No. I can NOT report the bugs because I don't have the IE source code. I can report 2 bugs a year, and never have them resolved, so I'm secure I guess, yet I'm actually worse off. How fast from report to release does a bug take on average to be fixed? How much of chrome's reported vulnerabilities reside inside the sandbox vs leaking outside the sandbox (this is a big one, if the answer is none then chrome is still insanely secure)? What about the fact that many security problems in chrome likely are problems in Safari except without the niceties of the sandbox?

This is all crap.