This week Microsoft disclosed a critical 0-day flaw in Internet Explorer. Microsoft is considering an out-of-band patch, but regardless of when the patch gets released, no Windows XP patch will be coming, except for the companies and governments who are paying a large fee for end-of-life support.
This was about 20 days later than some people estimated, but now it’s happened. The mitigation is to run EMET. But in the long term, getting to a new version of Windows is the only viable option. You can do this on the cheap if you need to.
While we’re talking about browsers, Chrome has the most CVEs associated with it, making it numerically the least secure of the browsers, but they have the fastest time to patch, by far, so the numbers are very deceiving. So using Chrome isn’t a bad choice, especially on XP where Internet Explorer is out of date and forever EOL.