The chart you just linked (which doesn't show a timescale) shows Chrome with over 300 exploitable bugs. I doubt the denial of service label, that just usually means that a bug wasn't fully investigated. So, again, how is this different from Flash? Chrome is riddled with vulnerabilities (and Safari is too).
Flash runs in a low-priv environment is nearly every major browser, includes application-specific exploit mitigations, and it silently auto-updates, just like Chrome. It's all a matter of the Flash install base: it's in 90%+ of browsers and it's running the same-ish codebase in all of them, making it a relatively stable platform to develop exploits for. That's it! It's more a factor of market share and not "security."
Every document reader, HTML renderer, JavaScript engine, browser, media player, etc that you use is the same -- a house of cards built on poor memory management :-/.
Your statement about Chrome is clearly way off, and that's what your parent was addressing. He never said Chrome was bug-free. And he was right to say that Chrome is way ahead of the other browsers (according to these stats, at least).
Edit: those stats show Chrome is better in terms of CVE severity, not number of annual CVEs.
I don't think the classification of most of those DoS bugs are correct. I also don't think there's a big difference between 100 vulns per year and 300 vulns per year. You go fishing and you find some each time.
Flash runs in a low-priv environment is nearly every major browser, includes application-specific exploit mitigations, and it silently auto-updates, just like Chrome. It's all a matter of the Flash install base: it's in 90%+ of browsers and it's running the same-ish codebase in all of them, making it a relatively stable platform to develop exploits for. That's it! It's more a factor of market share and not "security."
Every document reader, HTML renderer, JavaScript engine, browser, media player, etc that you use is the same -- a house of cards built on poor memory management :-/.