
Chrome's security is, however, light years ahead of anyone else's; it remains the sole reason I still use it.

It's possible to use Little Snitch to deny Keystone/ksupdate all network access, which is what I do, which removes the Google RCE vulnerability it places on your machine.

Make sure to periodically manually update Chrome, however.




I think Chrome was the most secure in 2015, but a lot of updates in all browsers have shipped since then!

Also, if you include Google in your threat model, then Chrome was never that safe.


What evidence do you have to back up that claim?


In the security industry it's commonly known Chrome has the best security; this is partly due to the amount of money Google invests in finding vulnerabilities (via fuzzing) in Chrome.

For "proof", you can check how much exploit vendors pay for exploits for each browser. For example Zerodium offer:

* $500k for Chrome RCE

* $100k for Safari RCE

* $100k for Firefox RCE

https://zerodium.com/program.html

The higher amount would generally indicate it's harder to get an RCE in Chrome.


> The higher amount would generally indicate it's harder to get an RCE in Chrome

That does not follow at all. Chrome has the highest market share and so an exploit would have the greatest impact potential. More users affected => more economic value for an exploit.


Market share is a factor, but it's not always the commanding factor.

Take a look at https://zerodium.com/program.html

Apache and Nginx have a very similar market share. Nginx has higher share in top 10k websites, Apache has slightly higher share overall.

Yet Apache has over double the price as nginx exploits:

* Apache RCE 500k

* Nginx RCE 200k


If they both have similar market share, then that variable has been isolated and the conclusion that the cheaper exploit is the less secure is sound. When that variable has not been isolated, it's not possible to conclude that the difference in price is due to security and not due to the exploit affecting more people.

"The amounts paid by ZERODIUM to researchers to acquire their original zero-day exploits depend on the popularity and security level of the affected software/system, as well as the quality of the submitted exploit (full or partial chain, supported versions/systems/architectures, reliability, bypassed exploit mitigations, default vs. non-default components, process continuation, etc)."

So, if Chrome, with ~65% of the market share, had the same payout as Firefox at ~4% of the market share, it would be fair to conclude it's less secure. However, we see 5x the payout and 16x the market share. Doesn't seem conclusive.


Or perhaps that Chrome exploits are more useful?

In fact, given Firefox's tiny market share (despite my efforts) I'm surprised the disparity isn't higher. Maybe it's harder to find Firefox exploits?

It's more likely that more popular browsers equally have more people attempting to crack them; and software in general is so buggy that results probably scale in proportion to the number of people looking.


That's a valid point if we're referring to relatively unknown browsers. But the main three browsers are all high profile enough that they all have significant eyes on them and are thoroughly tested.

Firefox may have a small market share, but exploits for Firefox may even have more value to some entities/governments, due to its use in Tor Browser.

To clear any confusion, all three are extremely secure in comparison to other types of products (which is why exploits are so expensive), however Chrome just edges ahead, due to its sandboxing, and rapid patch cycle.


Chrome has about 70 percent market share and this higher amount may account for that.


Well, in the US[0] it's: Chrome 46.17%, Safari 37.83%, Firefox 3.7%

Worldwide[1] it's: Chrome 63.54%, Safari 19.24%, Firefox 3.79%

I was a bit shocked to see how low FF is. Its exploits are being valued the same as Safari.

[0] https://gs.statcounter.com/browser-market-share/all/united-s...

[1] https://gs.statcounter.com/browser-market-share#monthly-2020...


> chrome's security is, however, light years ahead of anyone else's

Give evidence to support your claim. I've been using Firefox for the past 10 years and I fail to see how it's insecure. I do see, however, how it's not nearly as user-hostile as Chrome.


I don't need to have a working exploit for Firefox to accurately state that it's easier to exploit Firefox than it is Chrome.

I encourage you to read writeups on the patched bugs for Chrome sometime.


All the metrics you've given are either subjective or inconclusive. I think the claim that Firefox is less secure than Chrome needs to be backed by a metric such as the number of critical issues and how long they took to be patched. Otherwise it sounds like mere speculation.



