internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
internet security tHreAt rePOrt GOVernMent 2013
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
p. 144<br />
Symantec Corporation<br />
Internet Security Threat Report <strong>2013</strong> :: Volume 18<br />
VULNERABILITy TRENDS<br />
Web Browser Vulnerabilities<br />
Background<br />
Web browsers are ever-present components for computing<br />
for both enterprise and individual users on desktop and on<br />
mobile devices. Web browser vulnerabilities are a serious<br />
<strong>security</strong> concern due to their role in online fraud and in the<br />
propagation of malicious code, spyware, and adware. In addition,<br />
Web browsers are exposed to a greater amount of potentially<br />
untrusted or hostile content than most other applications and<br />
are particularly targeted by multi-exploit attack kits.<br />
Web-based attacks can originate from malicious websites as<br />
well as from legitimate websites that have been compromised<br />
to serve malicious content. Some content, such as media files or<br />
documents are often presented in browsers via browser plugin<br />
technologies. While browser functionality is often extended<br />
by the inclusion of various plug-ins, the addition of plug-in<br />
components also results in a wider potential attack surface for<br />
client-side attacks.<br />
Data<br />
Figure D.6. Browser Vulnerabilities, 2011 and 2012<br />
Source: Symantec<br />
600<br />
500<br />
400<br />
300<br />
200<br />
100<br />
APPLE SAFARI<br />
GOOGLE<br />
CHROME<br />
MICROSOFT<br />
INTERNET EXPLORER<br />
Methodology<br />
Browser vulnerabilities are a sub-set of the total number of<br />
vulnerabilities cataloged by Symantec throughout the year. To<br />
determine the number of vulnerabilities affecting browsers,<br />
Symantec considers all vulnerabilities that have been publicly<br />
reported, regardless of whether they have been confirmed by<br />
the vendor. While vendors do confirm the majority of browser<br />
vulnerabilities that are published, not all vulnerabilities may<br />
have been confirmed at the time of writing. Vulnerabilities that<br />
are not confirmed by a vendor may still pose a threat to browser<br />
users and are therefore included in this study.<br />
MOZILLA FIREFOX<br />
OPERA<br />
2011 2012<br />
This metric examines the total<br />
number of vulnerabilities<br />
affecting the following Web<br />
browsers:<br />
• Apple Safari<br />
• Google Chrome<br />
• Microsoft Internet Explorer<br />
• Mozilla Firefox<br />
• Opera