Browser plugins have become a near-ubiquitous feature that users embrace to enhance their Web experience. But all those nifty add-ons come with risks as well.
Security vendor Qualys is presenting new research at this year’s RSA conference that highlights one aspect of the vulnerabilities: namely, the failure of many users to keep their plugins updated.
In a survey, Qualys found that many users don’t promptly install plugin updates, a shortcoming that is even more pronounced with Java add-ons.
Qualys found that 42 percent of users are running out-of-date Java plugins, a problem CTO Wolfgang Kandek attributes in part to Oracle failing to publicize its updates.
“The exposure is just not there, for me Oracle Java is just another piece of software and there is no particular attention being paid to the necessity of rolling out the updates,” Kandek said. “I think that is different for Adobe where they are really active, but I haven’t seen the same thing from Oracle around Java.”
eSecurity Planet takes a look at Qualys’ survey of the vulnerabilities in browser plugins.