HACKER Q&A
📣 WorldDev

CVEs Comparison Brave vs. Firefox. Incorrect CVEs for Brave?


I am trying to compare Brave Browser to Firefox, on the security dimension.

One of the metrics I am looking at is the number of CVEs.

It's obviously an imperfect metrics (they all are), but I thought it might be useful.

Over the last 2 years:

- Chrome has [648 CVE](https://www.cvedetails.com/cvss-score-charts.php?fromform=1&vendor_id=&product_id=3264&startdate=2022-03-25&enddate=2024-03-25)

- Firefox has [380 CVE](https://www.cvedetails.com/cvss-score-charts.php?fromform=1&vendor_id=&product_id=3264&startdate=2022-03-25&enddate=2024-03-25)

- Brave has [2 CVE](https://www.cvedetails.com/version-list/0/65025/1/?q=Brave+Browser)

How should I think of the Brave/Chrome CVEs?

I assume that most Chrome CVEs affect Brave as well (since they share the Chromium codebase), so it seems like the numbers of Brave CVE is incorrect?

  👤 pvg Accepted Answer ✓
CVE numerology is not a good way to assess comparative security. A search of the comments of local CVE enjoyer tptacek is a decent jumping-off point:

https://hn.algolia.com/?dateRange=all&page=0&prefix=true&que...