You should consider ditching Google Chrome right now — here’s why [Update]
A new report claims that Chrome has the most vulnerabilities of any web browser
Editor's Note: We've updated this story with comment from Google.
Are you a big fan of Google Chrome? You might want to rethink that loyalty, because it turns out Google’s browser has a lot of vulnerabilities. A new report claims that Google’s browser is currently the most vulnerable one on the market — with 303 individual security flaws and a cumulative total of 3,159.
This report comes from Atlas VPN (via Apple Insider), using data from the VuIDB vulnerability database, and covers the periods of January 1 to October 5 of 2022. But not only does the data claim Google has the most vulnerabilities, both currently and of cumulatively, it’s also the only major browser with vulnerabilities that were discovered in October 2022.
Mozilla Firefox has reportedly picked up 117 vulnerabilities so far, for an all-time total of 2,361, while 103 have been discovered in Microsoft Edge. While Edge’s vulnerability count is low, it’s also noted as being 61% higher than 2021. The browser has also only had 806 documented vulnerabilities since it was released.
Meanwhile, Apple’s Safari browser has 26 documented vulnerabilities this year, with an all-time total of 1,139 — which was noted as “some of the lowest vulnerability in years.” That said Opera has logged in zero vulnerabilities so far this year, with only 344 total documented issues.
It’s not clear whether this is because Opera is more secure than its rivals, or if its popularity is so small nobody’s looking for issues. According to StatCounter, Opera had 2.25% of the browser market share in September 2022. That’s even less than Samsung Internet, which had 2.75% in the same period.
After this story was initially published, Google reached out with the following comment:
"Measuring a browser's security based on vulnerabilities fixed in a given year isn't a very useful metric. This is working as intended, as we continue to invest in fixing more issues every year so we keep our users safe. If a piece of software isn't receiving regular security patches, that typically indicates a lack of investment in security, not the opposite."
It’s worth mentioning that Chrome, Edge and Opera are all Chromium-based browsers, and would presumably share some of the same issues. That makes Opera’s zero vulnerability count all the more suspicious.
In a series of posts on Twitter, VP/GM of Chrome at Google, Parisa Tabriz provided further insight on the matter, saying:
"How can other browsers that depend on chromium have 0 vulns? They either have no additional bugs in their non-chromium code, or aren't issuing CVEs for them..."
Apple certainly does deserve some praise for the state of Safari’s security. The browser hit over a billion users back in May, and StatCounter currently logs it as controlling 18.6% of the browser market — almost double the combined forces of Edge, Firefox and Opera.
While Apple’s low vulnerability count could make Google’s look pretty poor by comparison, keep in mind that the whole point of finding vulnerabilities and patching them is designed to make software more secure. However, if you are concerned about the high number of vulnerabilities recently found in Chrome, it may finally be time to pull the trigger and give a different browser a try.
Just be aware that these counts are not a definitive list. They rely on people actually looking for, and finding vulnerabilities in the first place and don’t include any security flaws that are hiding away. At the same time, if Chrome wasn't so popular, security researchers wouldn't be combing over the browser looking for vulnerabilities in the first place. No matter which browser you use, it’s important to make a habit of keeping it updated; that way problems can be fixed when they’re found.
Next: Leaked company memo reveals Facebook is struggling to make its own employees love the Metaverse. And, it's a great time to be a PC gamer as a Nvidia RTX 4090 leak points at killer performance and plenty of stock.
Sign up to get the BEST of Tom's Guide direct to your inbox.
Get instant access to breaking news, the hottest reviews, great deals and helpful tips.
Tom is the Tom's Guide's UK Phones Editor, tackling the latest smartphone news and vocally expressing his opinions about upcoming features or changes. It's long way from his days as editor of Gizmodo UK, when pretty much everything was on the table. He’s usually found trying to squeeze another giant Lego set onto the shelf, draining very large cups of coffee, or complaining about how terrible his Smart TV is.
-
CinnamonToastKen How can Opera be the least popular? Pewdiepie gets paid to rave about it constantly! (note the sarcasm, in case it wasn't apparent.) o_OReply -
dekan365 Looks like you're an automotive expert... Thanks for chiming in though! Let me guess... iPhone owner? 🙄Reply -
mjrtom
no need to guess, its obviousdekan365 said:Looks like you're an automotive expert... Thanks for chiming in though! Let me guess... iPhone owner? 🙄
safari, yeah, that apple no longer even builds for windows anymore
forces google to use the safari webkit to be able to be in the iOS app store
FTC investigation? -
shwivel "The report comes from Apple" that their biggest competitor, Google, has the most vulnerable browser, and Apple has the most secure browser. Sounds like some objective research.Reply -
v13 The most popular browser with an opensource base has more discovered vulnerabilities than the less popular, iOS only, fully proprietary and closed source browser, says Apple.Reply
Sure...
That's some pretty inventive marketing right there. -
FloydTheAndroid
Did your research, did you? Safari was based on KDE's Konqueror (Open Source). Apple created WebKit from it. Google based Chrome on Webkit.v13 said:The most popular browser with an opensource base has more discovered vulnerabilities than the less popular, iOS only, fully proprietary and closed source browser, says Apple.
Sure...
That's some pretty inventive marketing right there.
https://en.wikipedia.org/wiki/WebKit -
MassStash I mean, how much can you take the word of vulnerabilities in GOOGLE Chrome, from a random VPN company, via APPLE insider? 🤔 LOL. Conflict of interest no?Reply -
MassStash
Yea, then Google made its own round 2013FloydTheAndroid said:Did your research, did you? Safari was based on KDE's Konqueror (Open Source). Apple created WebKit from it. Google based Chrome on Webkit.
https://en.wikipedia.org/wiki/WebKit