back to article Chrome is the most secured browser - new study

Google Chrome offers more protection against online attacks than any other mainstream browser, according to an evaluation that compares exploit mitigations, malicious link detection, and other safety features offered in Chrome, Internet Explorer, and Firefox. The 102-page report, prepared by researchers from security firm …


This topic is closed for new posts.
  1. JDX Gold badge


    I didn't spot any mention of browser versions in the article and I don't want to read 20Mb of data. Can anyone more motivated help out?

    1. ArmanX

      According to page 4:

      Chrome 12 (12.0.724.122)

      Chrome 13 (13.0.782.218)

      Internet Explorer 9 (9.0.8112.16421).

      Firefox 5 (5.0.1)

      Also interesting to note:

      "As of July, 2011 a combination of Google Chrome, Microsoft Internet Explorer and Mozilla Firefox represent 93.4% of all users accessing the Internet [W3_Schools_Market_Penetration]. While other browsers would have been interesting to compare, in the interest of time they were excluded from this study."

      So, test two versions of Chrome, but skip Safari and Opera, because they would take too long.

  2. Anonymous Coward
    Anonymous Coward

    Time to change my 'fap' browser!

    1. Anonymous Coward
      Anonymous Coward

      Surely everyone now uses Chrome in porn - I mean incognito - mode?

      1. Anonymous Coward
        Anonymous Coward

        Opera is best for one handed browsing

        Space bar goes to the next image in the gallery

  3. Mark Jan


    It seems odd that Opera was omitted from the tests given that Opera's proponents often claim that theirs is the most secure browser.

    Maybe Google wouldn't have liked Accuvant's results had Opera been included...

    1. ArmanX


      Opera may only have a tiny sliver of users, but leaving it out proves to me that this study wasn't really meant to test which browser is more secure, just which browsers make Chrome look better. Only mentioning FF and IE, and leaving out Safari and Opera, is just not a good study for "best". Even if those browsers didn't do as well, I'd still like to see the results...

      Then again, in my recent study involving myself, my son, and two college guys, I've determined I'm the oldest man in the world!

      1. Grease Monkey Silver badge

        Indeed Safari and Opera should have been included, although they each have less than 10% of the user base that still accounts for a hell of a lot of users. However maybe they were included, but were at least as secure as Chrome.

        1. HMB

          "Not including Opera" Wah!!

          If I was a security researcher I'd be very happy getting to 93.4% coverage.

          Any rational study has to do cost benefit analysis. Two versions of chrome may seem excessive, but they seem to be taking the perfectly rational approach of getting the largest shares in first. This produces the most cost effective measurement of the market.

          Why bother with around 1% of the UK market (go see Opera's market share) when there's nothing wrong with the rest? From a business perspective it's simply not worth it.

          1. John Robson Silver badge

            No IE6 or 7?

            Not getting close to picking up 93% really are they...

            Could have been really interesting to see how the main three (I agree, 5 would have been more interesting) browsers have improved over the last n years.

    2. Miek

      I think they were only evaluating Mainstream Browsers.

      1. Eeep !
        Thumb Down

        If the mainstream are sh*t that hides the sh*tness :(

        Hummmm..... comparing mainstream browsers with more secure browsers might mean people use more secure browsers, which in turn would mean the more secure browsers become mainstream because they are more secure.

        Simply comparing a top 3 popular browsers doesn't really do much for benchmarking in a report comparing security of browsers. It would be a sensible include browsers with claimed security credentials along with the usual top browsers to give balance of what is possible.

    3. Anonymous Coward

      Here you go. some INDEPENDANT results...

      They left out Opera, which has historically had the best security track record of them all... Seems like an intentionally knobbled set of results.

      How can they claim that when Google sponsored it, and they excluded a browser that sits of the tree for security, that it's impartial. Here are some results based on the real world...

      Google Chrome 159 -

      FireFox 72 -

      Internet Explorer 25 -

      Opera 36 -

      1. Dan 55 Silver badge

        Don't look at the quality, feel the sandbox

        I hope they've managed to program the sandbox to a higher quality than the browser itself which has over twice as many known security holes as Firefox, six times as many as IE, and four times as many as Opera.

        Maybe Safari's not there in this sponsored test because if the other mainstream WebKit-based browser has fewer holes then questions start to be asked.

        If a sandbox for Firebox or Opera is that important, it can be run with user privileges instead of admin privileges (which is what I do incidentally).

  4. Anonymous Coward

    No Opera, epic fail.

    1. Studley

      You appear to have accidentally put the word "No" at the beginning of your post.

    2. El Cid Campeador

      Oh dear...

      Can we avoid the inevitable "You didn't mention Opera!" "Only losers use Opera" flame war and stick to actually figuring out if there's any merit to this study? I mean they didn't test the browsers' Linux versions either (believe it or not there are people who actually run IE on Wine. No, I can't figure it out either unless you're a developer and then a VM would probably be easier) but hey, let's deal with what we have, OK?

      1. Anonymous Coward
        Anonymous Coward

        IE On WINE?

        IE on WINE? I'd never even thought of that. I can't wait until Monday then, I'll see if I can get it going at work - I think that there are one or two devs that I could actually make explode with a combination of confusion and indignation.

        1. Anonymous Coward
          Anonymous Coward

          IEs 4 Linux

          Because it's better than running a VM on my netbook.

        2. ArmanX

          Take a look at IEs4Linux - not only can you install IE, but you can install LOTS of IE! 5, 5.5, 6, and beta support for 7, 8, and 9! Concurrently!

        3. jonathanb Silver badge

          There are builds of wine specifically for ie. It runs ie6 as well as anything else does. I haven't tried it for a while, so I don't know how well later versions of ie run.

    3. Anonymous Coward

      Indeed 250m users can't be wrong...

      Something this "report" seems to somehow conveniently forget.

  5. Mike Flex

    So a report commissioned by Google finds Chrome is the most secured browser.

    Well, fancy that.

    1. Raz

      Re: Mike Flex

      Yes, they lost me when it said it was sponsored by Google. How is this news worthy? It would have been if it was sponsored by Microsoft, but by Google? Come on!

  6. Slipgate

    Study sponsered by?

    Nothing against Chrome, I use it and IE a lot - but I always get suspicous with one browser having 80-odd% more ticks than the others. Of course, it could be that Google have damn fine programmers!

    1. Code Monkey

      Perhaps that explains why there's no Opera :o)

  7. Anonymous Coward
    Anonymous Coward

    Report Author

    I'm sorry, I stopped reading here "The report was commissioned by Google"

    (Not a Google bash - I use Chrome, but really, want's the point of 'independent' research funded/commissioned by one of the parties)

    1. Miek

      Would you prefer that it was commissioned by $MS? I suspect the list of mainstream browsers tested would have been limited to :

      IE7, IE8, IE9

      1. L1feless

        I agree...

        The one disappointment for me was that Safari was not on the list. I believe the point was to show the most commonly used browsers. Safari IS on that list. I agree that if the point of the study was to showcase security then it would not of hurt the researchers if they added Opera. There are some pretty rabid Opera fans out there who insist that it is the most secure. Which is fine and great but it is one of those things where if no one tests it how can it be proven. To bad Opera didn't join in the party and have their browser tested.

        Round 2...Fight?

      2. theblackhand

        Re: Would I prefer MS to have sponsored the survey?

        My opinion of Chrome would have increased if MS had sponsored this survey and Chrome was shown to be clearly superior to IE and Firefox.

        As Google sponsored the survey and the survey showed Google's Chrome was the best, I'll stick to treating this as there might possibly be security issues with other browsers but I will wait for an independent source to verify them before changing to Chrome.

        1. Keep Refrigerated

          MS sponsored a website

          Guess which browser they 'independently' assessed was the most secure?

          So, MS sponsored website says IE is the most secure, Google sponsored study says Chrome is the most secure. Your move Mozilla...

      3. Old Handle


        They did, and strangely enough they found that IE was the most secure browser.

  8. Ken Hagan Gold badge

    Process Creation, eh?

    I read that process creation was allowed by IE and Firefox. So, why don't we see loads of DOS attacks based on maliciously launching a command prompt with FORMAT C:?

    There is presumably more to that comparison table than meets the eye, so presumably Chrome's long list of green ticks isn't quite as impressive as it looks.

    1. The Original Steve


      ... The drive is locked (in use), you'd need to script it to provide the confirmation "yes" and you also need to elevate to admin rights. (Assuming you're not one of the idiots that disabled UAC).

      1. Ken Hagan Gold badge

        So you invest the 10 minutes or so it takes to figure out how to script it, and then send it to all your friends running XP. XP still has an appreciable fraction of the market, so it would still work.

        Moreover, if *today's* browsers are still open to this attack, presumably in the years before Win7 turned up, you could have used the same attack on just about all Windows users. (Vista's market share has always been insignificant.)

        History suggests that this didn't happen, so presumably Firefox and IE aren't as open to attack as this report suggests.

  9. Sporkinum


    Since neither Chrome nor IE have a proper adblock/noscript implementation, in day to day use, I would think not allowing the scripts in the first place would actually be better.

    However, if you are going to surf naked, like most people do, then this study has merit.

    1. Craigness

      hosts file hack > adblock

    2. LaeMing


      I feel expecting an adblock function on a browser produced by a company that effectively IS web advertising is a bit of an ask!

    3. yoinkster

      Chrome doesn't have adblock?

      What then is this?

  10. Barry Tabrah

    Versions compared

    Chrome 12 and 13, IE9 and Firefox 5.

    It would have been interesting to see how IE8 and Firefox 3.6 fared, as there's still a pretty decent user base for those versions.

    1. Anonymous Cowerd

      Firefox 5 is already obsolete

      so it would also be nice to know how the later versions perform in this test

  11. El Cid Campeador
    Black Helicopters

    Need my armor

    I use Chromium for my grad school email since the university has been assimilated by Google anyway-- and it's nice and fast though I dislike the UI-- but until I have NoScript/AdBlock/BetterPrivacy/RequestPolicy on Chromium... they can have my Firefox when they pry my cold, dead, fingers away from it.

  12. Jay Clericus

    Tried out chrome when FF was having some issues with sites, ended up removing and reinstalling. What I liked about FF was when I quit the program it did not stay in memory just in case I wanted to use it.

    Chrome's adblock and other mods are all seperate processes that are memory resident

    No surprise that google won a google sponsored comparison that missed out opera and safari

  13. Anonymous Coward
    Anonymous Coward

    What about

    Firefox + NoScript + BetterPrivacy + AdBlock Plus?

    1. Grease Monkey Silver badge

      Why is that relevant? I'll bet a lot less than 10% of FF users have that setup. Most browser users have the default install and only geeky little nerds have anything else.

      But the point is that this is a test on the default install. You can make any browser more secure without installing externsions or plugins, just by changing your settings.

    2. Rafael L

      You mean *third-party* ad blockers and a thing that make Websites useless (no JS!?)...

      1. Pascal Monett Silver badge

        NoScript does not make websites useless

        It only prevents badly programmed websites from doing things without my permission.

        Oh, and it also gives me time to decide if I actually want the website I am on to run code BEFORE it runs it.

    3. mechBgon Sandboxie. Then you'd be getting somewhere. Remember that one of your trusted sites can become compromised, and there goes your NoScript protection. Statistically, more than half the malicious websites out there are legit sites that got compromised.

      FireFox's lack of sandboxing or Low-integrity operation is hard to excuse.

    4. Anonymous Coward
      Anonymous Coward

      And how exactly do these plugins help vs deep brower flaws ;)

  14. joejack

    Sandboxing cripples developer tools

    One reason I still prefer FF is because Chrome is so perfectly sandboxed that only a "lite" version of Firebug is supported. Perhaps this could be resolved if, when you install a Chrome plug-in, it pops up an Android-like list of permissions you can grant it.

    1. Mike Kamermans

      Just because it's a browser, doesn't mean you need the exact same plugin to get the exact same functionality?

      Chrome, like any webkit browser, comes with dev tools: hit ctrl-shift-I and there it is, doing everything for you in Chrome that dragonfly does in Opera, and firebug does in Firefox. Except you don't have to install it yourself, it doesn't slow down the browser (the current complaint by people working on firefox on the mozilla side), and doesn't require you to constantly phone home to your browser's maker (like dragonfly, which sends the page data to for analysis, unless you install it locally, at which point it becomes really slow).

  15. Danvighar


    Why the heck wouldn't they test the _current_ Firefox builds (8 and whatever the 3.6 series is up to now)?

    1. Craigness

      Chrome is currently at 15 but they tested 12 and 13. Maybe they did the testing a while ago.

    2. Anonymous Coward
      Anonymous Coward

      because when the study was done

      they didn't exist you muppet

    3. Anonymous Cowerd


      because they didn't exist last July when the study was done

  16. ElReg!comments!Pierre

    Not "secure"

    "secured" (and really should read "sandboxed")

    That says it all. There was no attempt made to assess the security/vulnerability of the browsers. Just "how strictly is the stuff sandboxed". It's nice to know, but shouldn't be mistook for actual security.

    Cars with more airbags are not less likely to have accidents; a reliable braking system, good road holding, etc are more important (the consequences, however might or might not be mitigated).

    1. Pascal Monett Silver badge

      Airbags, ABS, proper road hugging and all the rest are good things to have, but if you have a moron behind the wheel, they won't help all that much.

  17. Grease Monkey Silver badge

    The interesting thing here is that FF is still largely funded by Google. As such if Google were showing any bias you'd expect FF to come second. The fact that it didn't might point to there being no bias, or more likely there was no way the authors could fudge the report in such a way that would put Chrome first and FF second.

  18. Christian Berger

    Chrome supports Native

    And IE supports Active X. You need sandboxes in both and there is no telling how secure those are.

  19. Anonymous Coward
    Anonymous Coward


    The only time I ever picked up a drive by download that actually infected my system with some potent malware was when I was using Chrome.

    Admittedly it was over a year ago and before Chrome went mainstream, but it reminded me never to trust the security claims of any software. I foolishly believed the claims made for Chrome's sandbox and promptly got bitten. It was around that time that I found NoScript and to this day I'd take FF+NS over anything else.

  20. Mike Flex


    > Would you prefer that it was commissioned by $MS?

    No, a report needs to be independent, or it isn't worth the electrons that have been jiggled to bring it to you. Even if the authors actually were even-handed you can't trust their report.

    1. Mike Kamermans

      That would be taking prejudice to the other extreme. It's not about who funds it, it's about whether the report stands up to scrutiny. Someone paid to have the research done. Can you refute the claims derived from the data gathered? Good. Tried, but can't? Also good. Not bothered to? A failing party are you. It's easy to wave away research because a party that may benefit from the result, should it turn out in their favour, shoved some money at some people to do the research for them, but that's also demonstrating exceptionally poor critical thinking skills.

      1. SoulReaper

        You dont need to be able to refute the claims. Chrome may well be the most secure according to their criteria, but they may have looked at the browsers using many different criteria and chose the ones that gave the results they wanted. What they say may have some merit, firefox ought to ad sandboxing, but this doesnt mean ff users should switch to chrome.

    2. Charles 9

      But without a motivation...

      ...who's going to pony up the money? Barring a government intervention, what would make a completely independent firm want to test browser security against something else? As they say in America, "Where's the money, sonny?"

  21. Tchou

    "...started with the premise that buffer overflow bugs and other security vulnerabilities were inevitable..."

    In this complaisance to mediocre code lies all the tragedy.

    It is absolutely false.

    1. Anonymous Coward


      I think you meant COMPLACENCE.

      They sound similar but have different meanings.

      1. Tchou

        My bad. You're right.

        1. Grease Monkey Silver badge

          Even when you spell the word correctly the sentence doesn't make sense.

  22. Qdos

    Oh FFS!!!

    No browser is any more secure than its plug in modules... and yes, as per previous comments, why not include Opera, since it has some 100 million users... sheesh...

  23. Jess
    Thumb Down


    So how can this be credible without a mention of opera?

    1. Lars Silver badge

      Well, it cannot

      "So how can this be credible without a mention of opera?"

      This was a test comparing only Chrome, Internet Explorer, and Firefox.


  24. Yet Another Anonymous coward Silver badge

    Enough with the opera comments

    It's obvious why Opera wasn't included

    There was a Gartner report that cited a man in the pub that knew someone whose brother-in-law said Opera makes you ghey.

  25. Anonymous Coward

    How To Sandbox Firefox

    On Linux: Create an AppArmor profile. Requires some system knowledge, but then the profile can simply be copied to any number of computers.

    On Windows one could probably use Sandboxie to perform that.

    1. Grease Monkey Silver badge

      But why should users go to that trouble? The authors should be doing the work.

      1. Anonymous Coward
        Thumb Up

        Yes and No

        I agree that a standard profile should be part of a Linux distro. On the other hand, different enterprises might have different ideas about how to lock down their firefoxes (and other programs such as OpenOffice or g++). That's why it might be best left to system administrators of an organization to define the AppArmor profile for their user base.

  26. JDX Gold badge


    They tested the world's 3 most popular browsers - Windows versions of Chrome, FF and IE. They released the data meaning anyone can extend the report for other browsers on other OSes... as the article mentions.

    Also - a truly secure browser would impose security on plugin-modules.

    1. Ed Vim

      World's 3 most popular? Taking into consideration WinXP's still high market share numbers their choice to use IE9 in the testing indicates they were using some other performance metric than 'popularity'.

      ...and I agree with the numerous posts that Opera should have been included. This study lost some relevance to me as Opera has more than earned its status as a modern, viable web browser.

  27. Mage Silver badge

    Wrong headline.

    Chrome most secured and Popular Corporate Spyware ever.

  28. Anonymous Coward

    It's always, always WIndows. Yawn.

    But please don't think this is a smug fanboy penguin. It's not. It's a penguin that would like to be better informed Just what risks are cross-platform and what are not.

    Please: won't somebody think of the penguins?

    1. Anonymous Coward
      Anonymous Coward

      Read Up on AppArmor

      ..because that will allow you to sandbox FF, G++, OpenOffice, evince, whatever you want to secure.

  29. ted frater
    Thumb Down

    Chrome is irritating

    Im not sure wether google have done it deliberately, but Chrome is not a comfortable user experience for me despite being fast and accurate.

    I use my book marks to go to the same sites and forums every day, in FF and Opera the bookmarks are always on the left of the screen, along with the close buttons.

    In Chrome, the "other bookmarks" are over on the extreme right, with the close button or arrow on the left. It makes it hard work going back and forth , wereas in FF and opera its much more intuitive so quicker to browse.

    Opera 3 was superb in its day, along with Netscape 3 , just as fast as the modern equivalent.

    Interested in other users opinions.


    1. Craigness

      Quicker without a mouse?

      If you visit sites a lot then "pin" them from the tab bar context menu. The tab will move to the left hand side and only the icon will show. Pinned tabs open automatically when you open Chrome.

      Here are some keyboard shortcuts:

      Bookmarks: f6, then type a few letters of the site name

      Close tab: ctrl+w

      Close Chrome: ctrl+shift+w

      Back: backspace or alt+<left arrow>

      Search: ctrl+e then type

      New tab: ctrl+t

      New window: ctrl+n

      Downloads: ctrl+j

      New bookmark: ctrl+d

      ...and many more

    2. Steve Graham

      That irritated me too, so I looked at the code. Curiously, although the user can move other bits of the UI, the "other bookmarks" button is treated as an exception and fixed in place.

      In addition, this makes the bookmarks heirarchy always cascade to the left, which seems unnatural to me. Maybe I should learn Arabic.

      A conspiracy theory explanation is that, for Google, bookmarks are BAD, because you can get to a site without using Google Search to find it.

  30. Knochen Brittle

    Turd in the Sandbox

    ... play carefully.

  31. Boris the Cockroach Silver badge


    f***ing overflows?

    Who writes shit code that does'nt check for size STILL?

    After all the other buffer overflow attacks over the years.....

    1. Anonymous Coward

      Everybody Does

      Just look at the source for yourself. Full of char* and other plain pointers (as opposed to much more safe smart pointers).

      Then using "modern" STL containers such as vector, which feature unchecked index operators and unchecked iterators. libpoppler (the major open source PDF renderer ) even sports void* containers. You can store everything in these containers, clever ain't it ?

      All that to make these programs 10% faster than using smart pointers and range checked containers/arrays/strings.

  32. eulampios

    >> a security sandbox that shields vital parts of the Windows operating system from functions that parse JavaScript, images and other web content.

    Shouldn't it be in the design of the said operating system to shield its vital parts without any additional provisions?

  33. Anonymous Coward
    Anonymous Coward

    Safari and Chrome are both WebKit browsers. So, why do we keep talking about them like they're completely different products? They're both just differing front-ends for the same browser engine.

  34. Jonas Taylor

    I've been using Chrome for years and have found it to be an excellent browser. I migrated from Firefox, as the update procedure - both for the browser and extensions - was hugely inconvenient and interfered with my browsing. Chrome has a better interface, better security, better standards support and, most importantly, better performance. Firefox used to be my go to browser but it just didn't keep up with the competition and inherited many of the problems that people criticised about Internet Explorer (problems with performance, standards support, security, etc).

    Don't get me wrong, if Chrome starts to fall behind the competition then I will switch just as quickly. Afterall, it's only a web browser.

  35. illiad

    90% have never heard of opera...

    .. and if they have, it's only because their geek mates say its infested with ad ware.. (they are still hanging on to the decade old news, when ads were used to sponsor development..)

    go on, go to a student union near you and say "what do you think when I say 'opera' , and 'firefox' ?"

    NO! YOU try.. :P

    Hey, you do know that only the top 10% of people know THIS place *exists* , never mind them being able to find it???

    now if Opera was not that shy to advertise aggressively, like Mozilla back then, they might now even be as 'recognizable' as FF...

  36. illiad

    100 million users???

    I will raise you 270,000,000 .... and that was 2 years ago!!

    If the current Internet population is about 1.5 billion and Firefox has 22.8% browser share, that works out to roughly 342 million users. Either way, impressive numbers for the open source browser.

    hey I'm hopeless at math, but it looks like opera (by YOUR figures!) has less than 7% ??

    I you read that opera link, you will know desktop opera only has 50 million, so much less...

    you work it out... :)

  37. Steve Graham

    Security vs Privacy

    OK, Google: now tell us which is the best major browser for user privacy and resilience to tracking.

  38. Anonymous Coward
    Anonymous Coward

    "In much the way traditional sandboxes prevent sand from mixing with grass on a playground....."

    This ain't America - we call them sand-pits

  39. Anonymous Coward
    Anonymous Coward

    Happy so far

    Must admit that using Chrome for the last 2 months there is only one site it plays up on. It's super fast on page loads and I think has only crashed twice on Ubuntu.

  40. Anonymous Coward
    Anonymous Coward

    What about SRWare Iron

    SRWare Iron is even more secure than Google Chrome because the re-build cuts out all the Google spyware from Google Chrome!

  41. JDX Gold badge

    @Ed Vim

    You do make a good point about WinXP... maybe I should have said "3 most popular _current_ browsers".

    I definitely would like to see the study extended to Mac/Linux versions of Chrome/FF, and Safari on Win/Mac... but I still think Google are fine not to pay for testing every combination, since they let us do this.

  42. Anonymous Coward
    Anonymous Coward

    No other security software?

    Surely it makes better sense for browsers to focus on being good browsers and for separate security suites to focus on security. OK that's not a license for browsers to be full of holes but as a consumer I'm not happy to if my annual "Norton tax" still leaves me vulnerable to attack.

  43. Anonymous Coward

    Very fishy

    I would be quite happy to take the results of this 'independent' study at face value except for the fact that all of the tests seems to have been chosen to favour Chrome.

    For a start they tested two versions of Chrome and yet excuse not testing some other contenders due to limitations on resources - a clear bias right out of the gate.

    Then, over all of the individual tests (highlighted in the article) Chrome gets a tick for every single one - scoring a golden 100%. In not a single aspect was IE or Firefox better than Chrome? I find that very hard to swallow. Usually competing products have different pros and cons!

  44. Anonymous Coward

    Wait, Google doing evil ?

    Researchers accuse Google of plotting to undercut Firefox

    1. Grease Monkey Silver badge

      If Google want to hammer FF all they have to do is stop funding Mozilla.

  45. Ryan Smith (Hustle Labs)

    Great Comments

    There's some great comments everyone's been making. Maybe this blog post addresses some of them: ?

This topic is closed for new posts.

Other stories you might like