The frequent discovery and subsequent patching of product vulnerabilities are seen by many as an indicator of poor security, but I disagree. I’ve always maintained that having these security holes found by internal teams, bug bounty systems, or even just independent researchers is preferable to having them remain undiscovered.
By consistently and openly releasing patches, vendors demonstrate a robust security posture. Sure, in a perfect world there wouldn’t be any flaws in software and no new ways could be found by hackers to exploit code. It should not have escaped your attention that we do not live in a perfect world. This is an area where Google excels, as evidenced by the recent security improvements introduced in Chrome 102.
Yet, according to a newly published study from Which? in the United Kingdom, Google has less to be proud of in another area of web browser security: phishing protection.
According to a survey by Which?, Google Chrome has weaker phishing security than other browsers.
No matter what you use to measure browser popularity, Google Chrome will always come out on top. Chrome dominates the browser market with over 3 billion users and a 65% share on desktop (second-place Safari has only 9%).
According to Which?, however, it has been soundly defeated by Apple Safari, Microsoft Edge, Mozilla Firefox, and Opera in terms of one key security metric: the ability to identify and block phishing websites. Something Google, it must be noted, doesn’t agree with.
According to Michael Passingham, a senior researcher at Which?, the report is based on testing the most common web browsers by attempting to visit a total of 800 newly-found sites very shortly after they were first detected. It appears this was done to see how successfully browsers dealt with phishing attempts from new sites not yet included in the phishing database.
Results were platform-specific, so we broke them down further into Windows and Mac categories. Chrome from Google came in dead last in all categories. The following table displays the percentages of attempted phishing site visits that were blocked by various browsers.