Microsoft's Internet Explorer hit a record high for reported vulnerabilities in the first half of 2014, according to security firm Bromium.
The web browser was found to have 133 vulnerabilities during the period, comparing unfavourably to rivals Firefox and Chrome, which had 61 and 52 respectively, according to the National Vulnerability Database.
Bromium said: "The notable aspect for this year thus far in 2014 is that Internet Explorer was the most patched and also one of the most exploited products, surpassing Oracle Java, Adobe Flash and others in the fray.
"Bromium Labs believes that the browser will likely continue to be the sweet spot for attackers."
Adobe Flash was said to be the most exploited browser plugin for zero day attacks this year, with the company reporting that hackers were using new methods to force ActionScript to execute code.
Bromium also noted that updates for browsers were becoming more frequent, as well an initial security patches.
"It is notable that despite its past notorious reputation, Java had no reported zero day exploitation in the first half of 2014," it added.
Microsoft, Adobe and Oracle have been contacted for comment.