Security News > 2022 > April > Google Project Zero Detects a Record Number of Zero-Day Exploits in 2021
Google Project Zero called 2021 a "Record year for in-the-wild 0-days," as 58 security vulnerabilities were detected and disclosed during the course of the year.
"The large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits," Google Project Zero security researcher Maddie Stone said.
The sandbox escape is "Notable for using only logic bugs," Google Project Zero researchers Ian Beer and Samuel Groß explained last month.
A platform-wise breakdown of these exploits shows that most of the in-the-wild 0-days originated from Chromium, followed by Windows, Android, WebKit/Safari, Microsoft Exchange Server, iOS/macOS, and Internet Explorer.
What's more, Google Project Zero pointed out the lack of public examples highlighting in-the-wild exploitation of zero-day flaws in messaging services like WhatsApp, Signal, and Telegram as well as other components, including CPU cores, Wi-Fi chips, and the cloud.
"0-day will be harder when, overall, attackers are not able to use public methods and techniques for developing their 0-day exploits," forcing them "To start from scratch each time we detect one of their exploits."
News URL
https://thehackernews.com/2022/04/google-project-zero-detects-record.html
Related news
- Lazarus hackers used fake DeFi game to exploit Google Chrome zero-day (source)
- Adobe fixes Acrobat Reader zero-day with public PoC exploit (source)
- Adobe fixed Acrobat bug, neglected to mention whole zero-day exploit thing (source)
- Google Adds New Pixel Security Features to Block 2G Exploits and Baseband Attacks (source)
- North Korean ScarCruft Exploits Windows Zero-Day to Spread RokRAT Malware (source)
- Google: 70% of exploited flaws disclosed in 2023 were zero-days (source)
- Hackers exploit 52 zero-days on the first day of Pwn2Own Ireland (source)
- Lazarus Group Exploits Google Chrome Vulnerability to Control Infected Devices (source)