From almost 250 security flaws reported for the top 20 software solutions with the most number of vulnerabilities discovered in the first month of the year, Google Chrome came at the head of the list, according to a security service company.
In the latest quarterly report published by Secunia, Google’s product took the second place in November 2014 with 61 vulnerabilities, being topped by Oracle Solaris, with 73 security glitches.
Chrome had by far the largest amount of flaws reported. In December 2014, Google Chrome did not make it on the top 20 list created by Secunia, but come January it was at the top of the list, with 71 reported vulnerabilities; the next product had only 19. Although the number may seem alarming, this does not mean that the product is plagued with security holes, as the developer paid more than $1.5 / €1.3 million to researchers pointing out bugs in its products. Google is dedicated to increasing the safety of all its products to such an extent that sometimes cybercriminals focus their efforts on exploiting flaws on other platforms.
The large amount of flaws recorded for the web browser can be explained by the fact that third-parties are incentivized by the company’s Security Reward Programs to find new ways to bypass protections implemented in Chrome. Secunia’s report informs of the trio of Flash Player zero-days discovered to be actively exploited in January and at the beginning of February, all of them targeting Mozilla Firefox and Internet Explorer.
Flash Player is not in the top five
The product with the highest number of security glitches in January, as per the data gathered by Secunia, is X.org, a package that enables a graphical environment (X Window System) on Unix-like systems. A total of 152 bugs were reported for X.org, all of them in December 2014. Other products on the list for the same month are NVIDIA Graphics Drivers for Linux (63), Oracle Solaris (39), IBM WebSphere Message Broker (25), and Novell eDirectory (25). The Secunia-complied top 20 for January includes Oracle Java JRE and SDK (each with 19 glitches), Mozilla Firefox (16) and Oracle VirtualBox (13).
Adobe Flash Player occupied the sixth place, with only 12 vulnerabilities. However, the number in the next report is definitely going to be higher since the company fixed a total of 18 glitches in a single update in February. It is important to note that Secunia's vulnerability reports do not reflect a product's current security status, as they only enlist the vulnerabilities that have been reported for a particular solution.
Earlier, the FBI has issued a warning to police and other emergency response personnel about a lethal new tool which ‘malicious actors’ have been using to deadly effect against American government institutions – Google dorks.