PCWorld's recent Web browser showdown may have crowned Chrome the ultimate winner, but new data suggests that Google's popular contender shouldn't rest on its laurels just yet.
In fact, after a similar market-share shift in August, Chrome fell further into third place in September, buoying Mozilla's Firefox firmly back into the second-place spot it occupied until relatively recently.
In August, Chrome claimed 19.13 percent of the desktop browser market, according to market researcher Net Applications, while Firefox accounted for 20.05 percent. Still in first place was Microsoft's Internet Explorer, with 53.60 percent.
Firefox's four-year low of 19.7 percent occurred in May 2012.
Now, for September, Firefox has increased to 20.08 percent, while Chrome has dipped to 18.86 percent. Explorer, meanwhile, gained a bit, reaching 53.63 percent.
'Critical Vulnerabilities for Months'
Of course, there's no denying that browser market share data varies tremendously with the firm that collects it--among many other factors.
Coincidentally, however, a recent report from security researcher Brian Krebs suggests that users should be wary of Internet Explorer, in particular.
“In a Zero-Day World, It's Active Attacks that Matter” is the title of Krebs' recent blog post, and he concludes that, “unlike Google Chrome and Mozilla Firefox users, IE users were exposed to active attacks against unpatched, critical vulnerabilities for months at a time over the past year and a half.”
In fact, “if we count just the critical zero-days, there were at least 89 non-overlapping days (about three months) between the beginning of 2011 and Sept. 2012 in which IE zero-day vulnerabilities were actively being exploited,” Krebs wrote--and “that number is almost certainly conservative.”
For that same time period, however, Krebs couldn’t find any evidence that malicious hackers had exploited publicly disclosed vulnerabilities in Chrome or Firefox before those flaws were fixed, he added.
'A Very Sane Approach'
Krebs' analysis comes in the wake of a recent zero-day vulnerability affecting IE.
“Microsoft was relatively quick to issue a fix for its most recent IE zero-day (although there is evidence that the company knew about the vulnerability long before its first public advisory on it Sept. 17),” but “the company’s 42-day delay in patching CVE-2012-1889 earlier this summer was enough for code used to exploit the flaw to be folded into the Blackhole exploit kit, by far one of the most widely used attack kits today,” Krebs wrote.
While browser choice can be an emotional topic, at least “temporarily switching browsers to avoid real zero-days is a very sane and worthwhile approach to staying secure online,” he wrote. “Although it is true that all software has vulnerabilities, the flaws we should truly be motivated to act on are those that are actively being exploited.”