internet security tHreAt rePOrt GOVernMent 2013

Recommendations

Info

p. 144 Symantec Corporation Internet Security Threat Report 2013 :: Volume 18 VULNERABILITy TRENDS Web Browser Vulnerabilities Background Web browsers are ever-present components for computing for both enterprise and individual users on desktop and on mobile devices. Web browser vulnerabilities are a serious security concern due to their role in online fraud and in the propagation of malicious code, spyware, and adware. In addition, Web browsers are exposed to a greater amount of potentially untrusted or hostile content than most other applications and are particularly targeted by multi-exploit attack kits. Web-based attacks can originate from malicious websites as well as from legitimate websites that have been compromised to serve malicious content. Some content, such as media files or documents are often presented in browsers via browser plugin technologies. While browser functionality is often extended by the inclusion of various plug-ins, the addition of plug-in components also results in a wider potential attack surface for client-side attacks. Data Figure D.6. Browser Vulnerabilities, 2011 and 2012 Source: Symantec 600 500 400 300 200 100 APPLE SAFARI GOOGLE CHROME MICROSOFT INTERNET EXPLORER Methodology Browser vulnerabilities are a sub-set of the total number of vulnerabilities cataloged by Symantec throughout the year. To determine the number of vulnerabilities affecting browsers, Symantec considers all vulnerabilities that have been publicly reported, regardless of whether they have been confirmed by the vendor. While vendors do confirm the majority of browser vulnerabilities that are published, not all vulnerabilities may have been confirmed at the time of writing. Vulnerabilities that are not confirmed by a vendor may still pose a threat to browser users and are therefore included in this study. MOZILLA FIREFOX OPERA 2011 2012 This metric examines the total number of vulnerabilities affecting the following Web browsers: • Apple Safari • Google Chrome • Microsoft Internet Explorer • Mozilla Firefox • Opera
p. 145 Symantec Corporation Internet Security Threat Report 2013 :: Volume 18 VULNERABILITy TRENDS Commentary • All vulnerabilities dramatically increased in 2012, except Opera and Microsoft Internet Explorer, which saw a slight increase. • Chrome vulnerabilities increased dramatically in 2012 (268). This could be due to the series of exploits developed to prove that Chrome is not unbreakable. After a spike in 2010 (191), the documented vulnerabilities for Chrome browser dropped to 62 for 2011, which is a similar level as in previous years. Several bug bounty programs were organized in 2012, which has contributed to the exposure of a lot of Chrome vulnerabilities. • These five browsers combined had 891 reported vulnerabilities in total in 2012, which is a strong increase from 351 in 2011. This increase is due to dramatically increased vulnerabilities seen in Safari, Chrome, and Firefox.
Page 1 and 2:
internet security tHreAt rePOrt GOV
Page 3 and 4:
p. 3 Symantec Corporation Internet
Page 5 and 6:
Page 7 and 8:
Page 9 and 10:
Page 11 and 12:
Page 13 and 14:
Page 15 and 16:
Page 17 and 18:
Page 19 and 20:
Page 21 and 22:
Page 23 and 24:
Page 25 and 26:
Page 27 and 28:
Page 29 and 30:
Page 31 and 32:
Page 33 and 34:
Page 35 and 36:
Page 37 and 38:
Page 39 and 40:
Page 41 and 42:
Page 43 and 44:
Page 45 and 46:
Page 47 and 48:
Page 49 and 50:
Page 51 and 52:
Page 53 and 54:
Page 55 and 56:
Page 57 and 58:
internet security tHreAt rePOrt APP
Page 59 and 60:
Page 61 and 62:
Page 63 and 64:
Page 65 and 66:
Page 67 and 68:
Page 69 and 70:
Page 71 and 72:
Page 73 and 74:
Page 75 and 76:
Page 77 and 78:
Page 79 and 80:
Page 81 and 82:
Page 83 and 84:
Page 85 and 86:
Page 87 and 88:
Page 89 and 90:
Page 91 and 92:
Page 93 and 94: p. 93 Symantec Corporation Internet
Page 101 and 102: p. 101 Symantec Corporation Interne
Page 143: p. 143 Symantec Corporation Interne
show all

internet security tHreAt rePOrt GOVernMent 2013

Create successful ePaper yourself

Delete template?

Save as template?