Sometimes having more CVEs can be a good thing, since it means you're doing a better job discovering bugs. In the past Google used to invent bug hunting technologies like ASAN to do just that. But these days, it doesn't seem like Google is the one discovering them. Each time I hear about a Chrome bug, it's because the Chrome team is reacting to threats in the wild.
It probably isn't safe to run browsers on personal computers anymore. You'd think browsers would have hunkered down by now and devoted more resources to bug hunting, but the velocity of features just keeps increasing. CloudFlare is probably the only company offering a sensible solution, which is to run the browsers as a remote desktop connection. But open source tools should exist for doing that with acceptably similar quality.
I think the most important thing one can do for their own browsing security is not about choosing the most "secure" browser, especially on relatively safe networks such as in the U.S., where MITM is unlikely.
It's using an effective ad-blocker to avoid third-party javascript, and avoiding over-complicated websites with megabytes of opaque javascript inside.
This is my opinion as someone who dabbles in security things and has done many various Web things.
https://www.cvedetails.com/product/15031/Google-Chrome.html?...
https://www.cvedetails.com/product/6761/Adobe-Flash-Player.h...
Sometimes having more CVEs can be a good thing, since it means you're doing a better job discovering bugs. In the past Google used to invent bug hunting technologies like ASAN to do just that. But these days, it doesn't seem like Google is the one discovering them. Each time I hear about a Chrome bug, it's because the Chrome team is reacting to threats in the wild.
It probably isn't safe to run browsers on personal computers anymore. You'd think browsers would have hunkered down by now and devoted more resources to bug hunting, but the velocity of features just keeps increasing. CloudFlare is probably the only company offering a sensible solution, which is to run the browsers as a remote desktop connection. But open source tools should exist for doing that with acceptably similar quality.