{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,3,19]],"date-time":"2026-03-19T21:18:24Z","timestamp":1773955104503,"version":"3.50.1"},"reference-count":31,"publisher":"MDPI AG","issue":"3","license":[{"start":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T00:00:00Z","timestamp":1740441600000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/creativecommons.org\/licenses\/by\/4.0\/"}],"content-domain":{"domain":[],"crossmark-restriction":false},"short-container-title":["Future Internet"],"abstract":"<jats:p>This study systematically evaluates the vulnerabilities of modern web browsers using developed indices derived from the CVE database, including ICVE, ICVSS, IR and IT. These indices incorporate metrics such as vulnerability severity and risks, along with browser popularity, to enable a balanced comparison of browser security. The results highlight significant differences in browser security: while Google Chrome and Samsung Internet exhibited lower threat indices, Mozilla Firefox demonstrated consistently higher scores, indicating greater exposure to risks. These observations a slightly contradict widespread opinion. The findings emphasize the importance of timely software updates in mitigating vulnerabilities, as many incidents were linked to outdated browser versions. This study also introduces a robust methodology for assessing browser threats, providing a framework for future research. Potential applications include developing browser-based penetration testing systems to simulate phishing and data extraction scenarios, offering insights into user-specific risks and broader organizational impacts. By combining theoretical analysis with practical implications, this work contributes to advancing browser security and lays the foundation for future applied research in cybersecurity.<\/jats:p>","DOI":"10.3390\/fi17030104","type":"journal-article","created":{"date-parts":[[2025,2,25]],"date-time":"2025-02-25T03:40:12Z","timestamp":1740454812000},"page":"104","update-policy":"https:\/\/doi.org\/10.3390\/mdpi_crossmark_policy","source":"Crossref","is-referenced-by-count":3,"title":["Assessing Browser Security: A Detailed Study Based on CVE Metrics"],"prefix":"10.3390","volume":"17","author":[{"ORCID":"https:\/\/orcid.org\/0009-0006-3536-9715","authenticated-orcid":false,"given":"Oleksii","family":"Chalyi","sequence":"first","affiliation":[{"name":"Institute of Social Sciences and Applied Informatics, Vilnius University, Muitines St 8, LT-44280 Kaunas, Lithuania"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"K\u0119stutis","family":"Driaunys","sequence":"additional","affiliation":[{"name":"Institute of Social Sciences and Applied Informatics, Vilnius University, Muitines St 8, LT-44280 Kaunas, Lithuania"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"ORCID":"https:\/\/orcid.org\/0009-0007-5683-7546","authenticated-orcid":false,"given":"Vytautas","family":"Rud\u017eionis","sequence":"additional","affiliation":[{"name":"Institute of Social Sciences and Applied Informatics, Vilnius University, Muitines St 8, LT-44280 Kaunas, Lithuania"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"1968","published-online":{"date-parts":[[2025,2,25]]},"reference":[{"key":"ref_1","doi-asserted-by":"crossref","unstructured":"Xavier, H.S. (2024). The Web unpacked: A quantitative analysis of global Web usage. arXiv.","DOI":"10.5220\/0012905900003825"},{"key":"ref_2","unstructured":"Petrosyan, A. (2024, December 16). Number of Internet and Social Media Users Worldwide as of November 2024. Statista, Available online: https:\/\/www.statista.com\/statistics\/617136\/digital-population-worldwide\/."},{"key":"ref_3","unstructured":"Allen, J.W. (2007). The Internet for Surgeons, Springer Science & Business Media."},{"key":"ref_4","first-page":"15","article-title":"A Review of Web Browser Forensic Analysis Tools and Techniques","volume":"1","author":"Rasool","year":"2020","journal-title":"Res. J. Comput."},{"key":"ref_5","doi-asserted-by":"crossref","first-page":"32","DOI":"10.20535\/tacs.2664-29132022.1.274117","article-title":"Comparison of Tools for Web-Application Brute Forcing","volume":"4","author":"Chalyi","year":"2023","journal-title":"Theor. Appl. Cybersecur."},{"key":"ref_6","doi-asserted-by":"crossref","first-page":"tyae032","DOI":"10.1093\/cybsec\/tyae032","article-title":"Measuring the size and severity of the integrated cyber attack surface across US county governments","volume":"11","author":"Harry","year":"2025","journal-title":"J. Cybersecur."},{"key":"ref_7","unstructured":"Constantinescu, V. (2024, December 16). Google Patches Zero-Day Vulnerability with Emergency Chrome Update. Bitdefender, Available online: https:\/\/www.bitdefender.com\/en-us\/blog\/hotforsecurity\/google-patches-zero-day-vulnerability-with-emergency-chrome-update."},{"key":"ref_8","unstructured":"Winger, D. (2024, December 16). Update Chrome Now\u2014Google Warns Of 2 New High-Risk Vulnerabilities. Forbes, Available online: https:\/\/www.forbes.com\/sites\/daveywinder\/2024\/12\/11\/update-chrome-now-google-warns-of-2-new-high-risk-vulnerabilities\/."},{"key":"ref_9","unstructured":"Lakshmanan, R. (2024, December 16). 2 New Mozilla Firefox 0-Day Bugs Under Active Attack\u2014Patch Your Browser ASAP!. The Hacker News, Available online: https:\/\/thehackernews.com\/2022\/03\/2-new-mozilla-firefox-0-day-bugs-under.html."},{"key":"ref_10","unstructured":"Reading, D. (2024, December 16). Critical Mozilla Firefox Zero-Day Allows Code Execution. Dark Reading, Available online: https:\/\/www.darkreading.com\/cyberattacks-data-breaches\/critical-mozilla-firefox-zero-day-code-execution."},{"key":"ref_11","doi-asserted-by":"crossref","first-page":"100075","DOI":"10.1016\/j.csa.2024.100075","article-title":"Novel hybrid deep learning based cyber security threat detection model with optimization algorithm","volume":"3","author":"Markkandeyan","year":"2025","journal-title":"Cyber Secur. Appl."},{"key":"ref_12","doi-asserted-by":"crossref","first-page":"tyae023","DOI":"10.1093\/cybsec\/tyae023","article-title":"A path forward: Improving Internet routing security by enabling zones of trust","volume":"10","author":"Clark","year":"2024","journal-title":"J. Cybersecur."},{"key":"ref_13","doi-asserted-by":"crossref","first-page":"100031","DOI":"10.1016\/j.csa.2023.100031","article-title":"Cyber security: State of the art, Challenges and Future Directions","volume":"2","author":"Admass","year":"2024","journal-title":"Cyber Secur. Appl."},{"key":"ref_14","unstructured":"Parla, R. (2024). Efficacy of EPSS in High Severity CVEs found in KEV. arXiv."},{"key":"ref_15","doi-asserted-by":"crossref","first-page":"tyae022","DOI":"10.1093\/cybsec\/tyae022","article-title":"Into the unknown: The need to reframe risk analysis","volume":"10","author":"Simpson","year":"2024","journal-title":"J. Cybersecur."},{"key":"ref_16","doi-asserted-by":"crossref","unstructured":"Tewari, N., and Datt, G. (2021, January 10\u201312). A Study On The Systematic Review Of Security Vulnerabilities Of Popular Web Browsers. Proceedings of the 2021 International Conference on Technological Advancements and Innovations (ICTAI), Tashkent, Uzbekistan.","DOI":"10.1109\/ICTAI53825.2021.9673463"},{"key":"ref_17","first-page":"469","article-title":"Security Analysis on Browsers","volume":"49","author":"Petkova","year":"2024","journal-title":"Knowl.\u2014Int. J."},{"key":"ref_18","unstructured":"\u0160ili\u0107, M., Krolo, J., and Dela\u010d, G. (2010, January 24\u201328). Security vulnerabilities in modern web browser architecture. Proceedings of the 33rd International Convention MIPRO, Opatija, Croatia."},{"key":"ref_19","unstructured":"Woo, S.W., Alhazmi, O.H., and Malaiya, Y.K. (2006, January 13\u201315). An analysis of the vulnerability discovery process in webbrowsers. Proceedings of the 10th International Association of Science and Technology for Development: Software Engineering and Applications (IASTED SEA), Dallas, TX, USA."},{"key":"ref_20","doi-asserted-by":"crossref","first-page":"242","DOI":"10.14419\/ijet.v7i4.44.26999","article-title":"Web Browser threats and Weakness Descriptive Analysis: Is it Chrome Keep Dominant?","volume":"7","author":"Fajar","year":"2018","journal-title":"Int. J. Eng. Technol."},{"key":"ref_21","unstructured":"StatCounter (2024, December 16). Browser Market Share Worldwide. Available online: https:\/\/gs.statcounter.com\/."},{"key":"ref_22","unstructured":"CVE Details (2024, December 16). CVE Security Vulnerability Database. Security Vulnerabilities, Exploits, References and More. Available online: https:\/\/www.cvedetails.com\/."},{"key":"ref_23","first-page":"305","article-title":"Information retrieval and deanonymization in the tasks of early detection of potential attacks on critical infrastructure","volume":"2","author":"Chalyi","year":"2024","journal-title":"Cybersecur. Educ. Sci. Tech."},{"key":"ref_24","unstructured":"GitHub (2024, December 16). Understanding Risk\u2014Risk Based Prioritization. Available online: https:\/\/riskbasedprioritization.github.io\/risk\/Understanding_Risk\/."},{"key":"ref_25","unstructured":"Christiansen, P. (2024, February 14). How to Update Your Web Browser. Available online: https:\/\/www.highspeedinternet.com\/resources\/how-to-update-web-browser."},{"key":"ref_26","doi-asserted-by":"crossref","first-page":"834","DOI":"10.1080\/00076791.2010.499431","article-title":"The rise of Firefox in the web browser industry: The role of open source in setting standards","volume":"52","author":"Oshri","year":"2010","journal-title":"Bus. Hist."},{"key":"ref_27","doi-asserted-by":"crossref","first-page":"278","DOI":"10.1016\/j.cose.2016.08.004","article-title":"Time between vulnerability disclosures: A measure of software product vulnerability","volume":"62","author":"Johnson","year":"2016","journal-title":"Comput. Secur."},{"key":"ref_28","doi-asserted-by":"crossref","first-page":"52","DOI":"10.61186\/ist.202401.01.07","article-title":"An Evaluation of General-Purpose AI Chatbots: A Comprehensive Comparative Analysis","volume":"1","author":"Chalyi","year":"2024","journal-title":"InfoScience Trends"},{"key":"ref_29","doi-asserted-by":"crossref","first-page":"tyae028","DOI":"10.1093\/cybsec\/tyae028","article-title":"A history of cyber risk transfer","volume":"11","author":"Woods","year":"2025","journal-title":"J. Cybersecur."},{"key":"ref_30","doi-asserted-by":"crossref","unstructured":"Edkrantz, M., and Said, A. (2015). Predicting Cyber Vulnerability Exploits with Machine Learning. Frontiers in Artificial Intelligence and Applications, IOS Press.","DOI":"10.1109\/CSCloud.2015.56"},{"key":"ref_31","first-page":"264","article-title":"Combating the Challenges of False Positives in AI-Driven Anomaly Detection Systems and Enhancing Data Security in the Cloud","volume":"17","author":"Omobolaji","year":"2024","journal-title":"Soc. Sci. Res. Netw."}],"container-title":["Future Internet"],"original-title":[],"language":"en","link":[{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/3\/104\/pdf","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,10,9]],"date-time":"2025-10-09T16:41:55Z","timestamp":1760028115000},"score":1,"resource":{"primary":{"URL":"https:\/\/www.mdpi.com\/1999-5903\/17\/3\/104"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2025,2,25]]},"references-count":31,"journal-issue":{"issue":"3","published-online":{"date-parts":[[2025,3]]}},"alternative-id":["fi17030104"],"URL":"https:\/\/doi.org\/10.3390\/fi17030104","relation":{},"ISSN":["1999-5903"],"issn-type":[{"value":"1999-5903","type":"electronic"}],"subject":[],"published":{"date-parts":[[2025,2,25]]}}}