The Secret Web Browser Monopoly

Published on 25th August 2021 Author: Blane Erwin

Monopolies are bad for society for all sorts of reasons we learned about in school.

But there’s one area in which monopolies are bad for society that isn’t frequently discussed: cybersecurity.

Hardware and software monopolies are juicy targets for cyber attackers for reasons we’ll dive into shortly, and it looks like the market is rapidly moving towards another period of Internet browser monopoly – this time held by Google Chrome instead of Internet Explorer.

Tech Monopolies are Vulnerable to Attackers

Do you remember those iconic PC vs Mac ads from the late 2000s?

They famously claimed that Macs “don’t get viruses.” While it’s not true that Macs don’t get viruses period, it is true that Macs aren’t as vulnerable to cyberattack as Microsoft Windows computers are.

This doesn’t necessarily have anything to do with some super secret hacker-proof code that Apple includes in Mac OS. (Note: NOTHING is unhackable.) It has a lot more to do with market share.

Apple has always had a minority share in the desktop OS space. As of 2021, Mac OS has approximately 15% share of the desktop operating system market. Back in the 2000s, it had less than five percent.

If you are a bad guy and want to develop a new virus or similar cyberattack, which operating system is the more appealing target? It’s Microsoft Windows, obviously. With literally hundreds of millions of more users, it’s likely to yield far larger rewards for your efforts.

The bottom line is that attackers target the most popular products. They have every incentive to!

This is why, from a security standpoint, a diversity of high-quality options is great for end users.

The Chromium-based Monopoly

The web browser market has been through two big monopoly periods over its roughly 30 year existence. It is currently entering a third period.

First, Netscape Navigator peaked at over 90% of market share in the mid 1990s. Then, Microsoft entered the web market at this time with Internet Explorer and used Windows to its advantage – encouraging the adoption of Internet Explorer by including it with Windows.

This worked very well to Microsoft’s favor, and it reached over 90% of browser market share in 2000 and peaked at over 95% in 2005. Its usage fell steadily over the next several years but remained the most used web browser until approximately 2012, when it was surpassed by Google Chrome.

For a quick visual representation of the changes in browser usage over the years, check out this video:

During this period of time there was significant diversity in usage of each browser. Chrome and Internet Explorer both had about 30% of the market while Firefox had 22%. Safari had about 10% and Opera had around 4%. Each of these browsers used different technologies and had little in common with one another.

However, things have not continued this way. Chrome has taken off like a rocket ship and now dominates the desktop market with about 60% of usage. Meanwhile, Internet Explorer carries on like a zombie, mostly used by businesses that need it to use legacy applications. The other big players are Firefox, Opera, Safari, and Microsoft Edge.

While on the surface we still have a more diverse browser market than we had under Internet Explorer’s dominance, today’s versions of these browsers have more in common than you think.

When Google released Chrome, they also released its codebase, Chromium, as an open source browser project. In 2013, Opera rebuilt itself as a Chromium-based browser. Even Microsoft Edge browser is now based on Chromium! There are dozens of smaller Chromium-based browser projects out there, like Brave Browser, too.

Combined, Chromium-based browsers account for well over 70% of the browser market.

Only Firefox and Safari remain as serious independent browsers with their own codebase.

Chromium-based browsers share more than some code.

Because all of these browsers share a codebase, a vulnerability found in Chromium can usually be exploited across all of its children.

Multiple zero-day exploits have been found this year alone that affect multiple Chromium-based browsers.

This is the reality of a software monoculture, they will get more attention from bad guys because the potential rewards are much greater.

Have a Backup Browser

There’s little that anybody can do to change people’s browsing habits, but it’s probably a good idea to have a backup browser on your computer. If you use a Mac, you already have Safari available. If you use Windows, it would be wise to keep Firefox installed.

The vast, vast majority of Chromium bugs are going to be patched extremely quickly, likely before the public even knows about them. But it’s worth remembering the drawbacks that come with a monopoly on critical software.

Want to get great cybersecurity content delivered to your inbox? Click here to sign up for our monthly newsletter, Tales from the Click.

Blane Erwin

Blane is Fractional CISO’s marketing manager. He leads Fractional CISO’s editorial efforts, helping the team share their cybersecurity knowledge on the blog and monthly newsletter, Tales from the Click. Blane has a background in digital marketing and broadcast journalism. Before joining the Fractional CISO team, he helped run the marketing for electric vehicle retailer Current Automotive, and was a television news reporter for NCTV17. Blane has a bachelor’s degree in Broadcast Communication from North Central College.