Each browser was run through approximately 100,000,000 iterations of a fuzzer, a security testing toolkit that feeds a software application with random data and analyzes the output for abnormalities, and each crash was documented. Only security bugs and bugs affecting the currently released version of the browser at the time of fuzzing were counted.
Researcher Ivan Fratric spotted 17 WebKit bugs in Apple Safari, six EdgeHTML bugs in Microsoft Edge, four Trident bugs in Microsoft Internet Explorer, four Gecko bugs in Mozilla Firefox, and two Blink bugs in Google Chrome. Two of the bugs affected multiple browsers, according to a September 21 blog post.
“The root cause of one of the bugs found in Mozilla Firefox was in the Skia graphics library and not in Mozilla source,” researchers said in the post. “However, since the relevant code was contributed by Mozilla engineers, I consider it fair to count here.”
Fratric noted that while most browsers show clear progress in the overall number of browser bugs, DOM engines are still a big source of web browser bugs. Fratric also invited researchers to discuss whether we are at a stage where it is more worthwhile to look for security bugs manually than via fuzzing, or whether more targeted fuzzers need to be created instead of using generic DOM fuzzers to achieve better results.