Internet Explorer sets all-time record for security flaws

Security vulnerabilities in Microsoft’s Internet Explorer have more than doubled in the last year, setting a record high with 133 public software flaws reported in the first half of 2014.

Those numbers come from new research conducted by Bromium Labs and posted to the American National Vulnerability Database.

Internet Explorer, which accounts from more than a quarter of all browsers in use today, clocked in at triple the number of vulnerabilities reported for Mozilla Firefox and Google Chrome in the same period.

These vulnerabilities are diverse in nature and effect, with the potential to devastate and co-opt a victim’s computer if the attacker is successful.

Last year, both Chrome and Firefox had more vulnerabilities reported overall than Internet Explorer. Both browsers have cut down on flaws this year, in Chrome’s case decreasing the number by more than half.

“Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers,” the report reads. “The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray.”

Graph via Bromium

Internet Explorer, which had suffered from a poor security reputation for years before losing massive market share to competitors, has been making leaps forward.

Although vulnerabilities are being found extremely quickly, Microsoft is releasing patches to fix the problems faster than ever before in the browser’s history. The first patch for Internet Explorer 11 came just five days after its release in November 2013, the quickest-ever turnaround for Microsoft and a big improvement over the 90-day period that older versions experienced.

Photo via US Army (CC BY 2.0) | remix by Jason Reed


Patrick Howell O'Neill

Patrick Howell O'Neill

Patrick Howell O'Neill is a notable cybersecurity reporter whose work has focused on the dark net, national security, and law enforcement. A former senior writer at the Daily Dot, O'Neill joined CyberScoop in October 2016. I am a cybersecurity journalist at CyberScoop. I cover the security industry, national security and law enforcement.