A vulnerability and compliance management firm found that 39 percent of users are running browsers with critical vulnerabilities – a finding users should be particularly mindful of during the holiday shopping frenzy online.

Wolfgang Kandek, CTO of Qualys, revealed the findings last Wednesday on the company’s site after the firm analyzed 1.4 million computer scans of browser use.

According to Kandek, the critical vulnerabilities include those that “allow cyber criminals to take remote control of your machine, search your disk drive for valuable information, monitor all keystrokes and  e-commerce transactions and intercept private information, such as usernames and passwords, credit card numbers and bank account details,” he wrote.

Among the most popular browsers tested, around 41 percent of Internet Explorer browsers had critical vulnerabilities. Chrome browsers were a close match, as close to 40 percent were impacted by critical flaws.

Research also revealed that 35 percent of Firefox browsers were found to be vulnerable, as well as nearly 34 percent of Opera browsers, and just under 30 percent of Safari browsers.  

Kandek noted that popular plugins also played a large part in exposure to online threats.

“Browsers themselves are only partly to blame though,” Kandek said. “We see most of them quite up-to-date…The larger part of the problems are contributed by the plug-ins that we use to extend the capabilities of our browsers,” Kandek said, noting Adobe’s Shockwave plugin, followed by Oracle’s Java and Apple’s Quicktime, as the most vulnerable plugins detected through the analysis.