Google Chrome Security: 300 Reasons Why You Should Not Switch Browser
Davey Winder, Senior Contributor. Co-founder, Straight Talking Cyber
Oct 8, 2022, 07:29am EDT

[Image: Lots of Chrome vulnerabilities doesn’t equate to Google’s browser being insecure, quite the opposite. SOPA Images/LightRocket via Getty Images]

There are plenty of reasons why you might consider switching to a different browser than Google Chrome. But the number of security vulnerabilities is not one. Here’s why.

Google’s security princess speaks out about ‘confused’ CVE count reporting
Parisa Tabriz has three self-titled occupations: security princess at Google, Project Zero ‘den mom’, and the browser boss at Google Chrome. Tabriz, more formally a director of engineering at Google, knows a thing or two about Chrome vulnerabilities, as you might imagine. This is why it came as no surprise to me at all to read the short thread on Twitter by the security princess that called out the ‘confusion’ regarding what vulnerability counts actually mean.
The particular confusion is in relation to some of the reporting that appears to correlate disclosed vulnerability counts with an insecure product. That tweet thread referred to “some less-than-sophisticated research” into Chrome security that was published this week. The report said that “the world’s most popular browser Google Chrome also has the most reported vulnerabilities, with 303 vulnerabilities discovered year to date.” This is based on the latest numbers to be found in the VulnDB vulnerability database. The report also covered vulnerability counts for competing browsers.

Do high vulnerability reporting counts equate to an insecure product?
So far, so good.
However, it only takes a little bit of searching to find myriad publications claiming that Chrome is the most vulnerable of browsers or similar. To anyone with a scintilla of security nous, equating the number of disclosed and fixed vulnerabilities with being ‘more vulnerable’ than a product with fewer is, frankly, nonsense. I should point out at this stage that neither the original report nor the vulnerability database it was based upon was making this erroneous assumption.
Back to Google’s browser boss, then. “Some reporters seem to, unfortunately, be confused about what CVE *counts* actually mean. The answer: not much.” CVEs are the Common Vulnerabilities and Exposures system by which vulnerabilities are referenced and rated for severity. Tabriz’s argument was that a number of media reports were suggesting that a browser with more vulnerabilities than its competitors was, therefore, less secure, even when many of those competitors were built around the exact same Chromium engine.

Google has some of the best security people in the business
I have to agree with the security princess: the whole argument is truly bizarre.
Check out my report, also published today, that looks at a video documentary series from Google providing insight on internal security teams there. Google has some truly amazing security folk, amongst the best in the business, it could be argued, and the fact that vulnerabilities are being found and fixed reinforces this belief. Many vulnerabilities are found by those internal teams, others by hackers who are part of the Google Bug Hunters platform.
With more than $35,000,000 paid out in bug bounties to 2640 bug hunters, it would be hard to argue that the system isn’t working. “More bugs fixed year over year is a good thing,” Tabriz says, “bugs exist in every piece of software out there, so if you think less bug fixes equal more security, a lot of folks on my team would love to have a word.” As my colleague at Forbes, Gordon Kelly, says: “don’t let the numbers scare you off.”
From: forbes
URL: https://www.forbes.com/sites/daveywinder/2022/10/08/google-chrome-security-300-reasons-why-you-should-not-switch-browser/