Posted by: Tony Bradley
browser security, plug-ins, Qualys, vulnerabilities, Web browsers
The various browser vendors continue to enhance the security in the browser with each new release. For example, Internet Explorer 9 is significantly more secure than Internet Explorer 6. But, even if you are using the latest version of your chosen Web browser and you have kept it patched and up to date, there is still only a one-in-five chance that your browser is secure.
A study conducted by Qualys found that 80 percent of Web browsers have holes. Or, as InformationWeek phrases it, “Roughly 80 percent of browsers today are insecure, owing to their having a known vulnerability either in the browser itself, or due to a vulnerable plug-in, such as an outdated version of Shockwave, Flash, the Java runtime environment, or QuickTime.”
The article goes on to state that more than half of the vulnerabilities stem from plug-ins, adding, “The most common insecure browser plug-ins in use are (in order): Java, Adobe Reader, QuickTime, Flash, Shockwave, and Windows Media Player. Many of these plug-ins are widespread–97 percent of computers have the Adobe Flash plug-in installed, and 95 percent have one for Windows Media Player.”
The problem is that the browsers generally have an automatic update feature of some sort, and users are pretty good about keeping the browser up to date, but forget about the plug-ins. Even with updated plug-ins, though, there are still known vulnerabilities that remain exposed in the browsers themselves as well.
You can employ third-party tools like Invincea Browser Protection for an extra layer of defense, or just exercise extreme caution when surfing the Web. Rather than treating your Web surfing like you are strolling through your own back yard with an armed security escort, think of it like you got lost on the wrong side of town, your cell phone battery is dead, and you are trying to navigate dark alleys at night to make it safely home.