Browser scan unveils an abundance of critical vulnerabilities

Through our Qualys BrowserCheck online tool we have collected data from over 1.4 million user computer scans and their respective browsers.

From this research, we have found that 39% of the tested machines have critical vulnerabilities.These vulnerabilities allow cybercriminals to take remote control of your machine, search your disk drive for valuable information, monitor all keystrokes and e-commerce transactions, and intercept private information, such as usernames and passwords, credit card numbers and bank account details.

Our data shows that even the most popular browser in our database, Chrome, has close to 40% of its instances afflicted with a critical vulnerability. Similar numbers apply to Firefox and Internet Explorer, which are less than 5% behind in popularity, but both have 35% and 41% of their instances vulnerable to attacks.

Browsers themselves are only partly to blame though; we see most of them quite up-to-date, with Chrome leading the pack with 90%, Firefox at 85% and Internet Explorer trailing with 75%. The larger part of the problems are contributed by the plug-ins that we use to extend the capabilities of our browsers, led by Adobe Shockwave and followed by Oracle Java and Apple Quicktime.

The lesson is clear: Keep your browser and its plug-ins updated to the latest software versions, and you can ensure that you are protected against the attacks that use these vulnerabilities.

Author: Wolfgang Kandek, CTO, Qualys.