In a November article on ZDNet, Larry Seltzer asked the question, “Why are there more browser vulnerabilities?" Granted, he was looking primarily at the incredibly high number of vulnerabilities found in Microsoft’s Internet Explorer over the past year. According to his report, Firefox is unimportant within the browser landscape, Google’s Chrome vulnerability records are murky, and there isn’t enough good data on Safari, so he focused in on IE.
However, even though Seltzer is thinking of vulnerabilities and IE, he has a valid question. Just because we are unsure of the security data in other browsers doesn’t mean they are more secure or vulnerability free. And this leads us to a security prediction from Malwarebytes, which states that browsers are going to be a major endpoint security headache for businesses in 2015.
According to a Malwarebytes release, 72 percent of IT decision makers said that exploitable browser vulnerabilities are a serious security issue, and:
The research also shows that a staggering 82% of all companies have experienced at least one online attack in the last year alone. This is supported by a worrying trend for multiple attacks, with the average company being subjected to three, all of which took a severe toll on help desks and employee productivity.
Said Marcin Kleczynski, CEO of Malwarebytes in a formal statement:
The growing concerns over browser vulnerabilities are a particularly notable trend, speaking volumes about their effectiveness as an attack method. Given the ever-advancing threat landscape, it should be obvious by now that an endpoint security strategy built around a single traditional anti-virus solution isn’t enough.
As Deb Shinder wrote for Windows Security, the Web has become a dangerous place, often unknowingly dangerous, thanks to the way malware can be easily embedded into a site, using the very technologies that enhance those same sites. She then added:
As if that weren’t enough, all popular Web browsers (like all software of every type) have security flaws, some more serious than others.
Google is taking a step to provide better website security in 2015 via its Chrome browser by alerting users of the lack of security of sites they visit. That’s something, but it still doesn’t address the flaws being seen in browsers themselves. I’ve seen a number of predictions that say we’re going to see more problems like the Heartbleed bug, where vulnerabilities were found in old code. Will similar issues arise in browsers in the coming year? Will criminals take advantage of the flaws in browser codes and applications to spread malware? I suppose we will eventually find out. Let me know your thoughts in the comments below.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba