Google Chrome recorded most vulnerabilities

Dec 9, 2014 15:30 GMT
Report marks Google's browser as the product with most vulnerabilities

Not a day passes without a security vulnerability being discovered in some program. A report from Secunia released today lists the 20 programs that recorded the most vulnerabilities during the months of August, September, and October.

The company says that there were 1,841 security glitches in total, some already having a patch on the day of the disclosure, but many others lacking a fix.

Google Chrome at the top of the chart

The top spot was occupied for two months by Google Chrome, which was patched a total of 243 times in the third quarter of the year. In August and October, the browser found itself at the top of the list, with 64 and 162 vulnerabilities, respectively.

In September, at the head of the list was Apple's operating system, OS X.

However, despite the large number of glitches reported, it must be noted that the flaws in the product cannot be exploited easily.

The high number of vulnerabilities reported for Chrome could also have been incentivized by the money awarded through the Bug Bounty program. Back in September, Google tripled the maximum limit for the cash prizes in order to keep researchers motivated to report the flaws.

For October, Chrome was not the only browser recording a high number of vulnerabilities. Avant browser came in second with a total of 159 reported glitches.

In third place was Apple's iTunes, followed by IBM's Network IPS, Sun Solaris, OS X, Oracle Database, Solaris, Java, and a set of IBM products.

Mozilla Firefox closes out the list with 19 vulnerabilities, the same number as in the previous month. The browser actually shares the last position with three products from Cosminexus (Application Server, Developer and Studio).

IBM products are still prevalent in the list

One vendor that stands out in the top 20 vulnerable software list is IBM, which is present with several products for all three months. This is not because of the products themselves, but due to the fact that they bundle buggy third-party components, such as Java libraries.

The report from Secunia points out that a patch for a vulnerability in third-party code present in an IBM product needs to be pushed first by the company and then adopted by the customer.

“Anyone running IBM products knows that in the weeks and months following an Oracle Patch Day, they need to get busy patching their IBM applications. All in all, a very time consuming process,” the report says.

Among the IBM solutions found vulnerable in October are the Security Network Intrusion Prevention System, the CICS Transaction Gateway, Tivoli Storage Productivity Center, WebSphere Message Broker, Integration Bus, and Flash System, each present with at least 20 glitches.

The report relies on information from the Secunia Vulnerability Database, which includes data on more than 50,000 products verified by the company.
