Security News > 2022 > February > Google Project Zero: Vendors are now quicker at fixing zero-days
Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.
As the data shows, the average period software vendors needed to issue security fixes reported by Project Zero last year was 52 days, down from 80 days three years ago.
In the highly competitive field of mobile OS, Google reports the same performance from both iOS and Android, with the former having an average fix time of 70 days, with the latter needing 72 days.
In the web browser category, Chrome beats everyone with an average bug-fixing period of 29.9 days, while Firefox comes second with 37.8 days.
Apple took more than double that time to fix WebKit flaws, which have been plaguing Safari in the past couple of years, needing an average of 72.7 days.
WebKit is the outlier in this analysis, with the longest number of days to release a patch at 73 days.
News URL
Related news
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Google’s AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine (source)
- Google fixes two Android zero-days used in targeted attacks (source)