Security News > 2022 > February > Google Project Zero: Vendors are now quicker at fixing zero-days
Google's Project Zero has published a report showing that organizations took less time to address the zero-day vulnerabilities that the team reported last year.
As the data shows, the average period software vendors needed to issue security fixes reported by Project Zero last year was 52 days, down from 80 days three years ago.
In the highly competitive field of mobile OS, Google reports the same performance from both iOS and Android, with the former having an average fix time of 70 days, with the latter needing 72 days.
In the web browser category, Chrome beats everyone with an average bug-fixing period of 29.9 days, while Firefox comes second with 37.8 days.
Apple took more than double that time to fix WebKit flaws, which have been plaguing Safari in the past couple of years, needing an average of 72.7 days.
WebKit is the outlier in this analysis, with the longest number of days to release a patch at 73 days.
News URL
Related news
- Google: Spyware vendors behind 50% of zero-days exploited in 2023 (source)
- Miscreants are exploiting enterprise tech zero days more and more, Google warns (source)
- Google fixes Chrome zero-days exploited at Pwn2Own 2024 (source)
- Zero-day exploitation surged in 2023, Google finds (source)
- Google fixes two Pixel zero-day flaws exploited by forensics firms (source)
- Google Warns: Android Zero-Day Flaws in Pixel Phones Exploited by Forensic Companies (source)
- Google fixes one more Chrome zero-day exploited at Pwn2Own (source)
- Google fixes fifth Chrome zero-day exploited in attacks this year (source)
- Google fixes Chrome zero-day with in-the-wild exploit (CVE-2024-4671) (source)
- Google Chrome emergency update fixes 6th zero-day exploited in 2024 (source)