SecBrowsing allows users to report their plugins by clicking on the "Send to server" button. We use the data to see if we are missing any important plugins with known security vulnerabilities. In this post, I've aggregated the reports for 1 month, producing some hopefully interesting statistics.
How many plugins are there?
- Over 600 plugins (including different versions of the same plugin) were reported by over 3000 users in the month of Aug 2010. That by itself was interesting to me.
How many plugins does a user have?
- 50% of the users reported over 20 plugins. (This is the median. The average is 21 plugins.)
- 25% of the users reported over 26 plugins.
- 5% of the users reported over 30 plugins.
- One user reported 52 plugins!
Note that some plugins are reported multiple times: Java is reported twice, RealPlayer 2-3 times, and QuickTime on Windows is reported 7 times. So the number of unique plugins is probably around 10 on average.
The most popular plugins
- 38 plugins were reported by over 10% of the 3000 users.
They are listed here, after dropping some plugins that come bundled with Chrome.
- 98% Shockwave Flash
- 83% Silverlight Plug-In
- 78% Adobe Acrobat
- 66% QuickTime Plug-in
- 61% Microsoft® DRM
- 45% iTunes Application Detector
- 44% Windows Presentation Foundation
- 42% Google Earth Plugin
- 39% Picasa
- 38% Java(TM) Platform SE 6 U21
- 36% Microsoft® Windows Media Player Firefox Plugin
- 31% RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)
- 31% Windows Live® Photo Gallery
- 31% Microsoft Office 2010
- 28% Java Deployment Toolkit 126.96.36.199
- 26% Shockwave for Director
- 25% Windows Media Player Plug-in Dynamic Link Library
- 20% Microsoft Office Live Plug-in for Firefox
- 18% DivX Web Player
- 16% Chrome IE Tab
- 15% VLC Multimedia Plug-in
- 14% 2007 Microsoft Office system
- 10% Cooliris
Note: Cooliris and Chrome IE Tab are extensions that bundle NPAPI plugins. The rest are system-wide NPAPI plugins.