Google tracked record 58 exploited-in-the-wild zero-day security holes in 2021
Google's bug hunters say they spotted 58 zero-day vulnerabilities being exploited in the wild last year, the most recorded since its Project Zero team started analyzing these in mid-2014.
"With this record number of in-the-wild zero-days to analyze we saw that attacker methodology hasn't actually had to change much from previous years," wrote Google security researcher Maddie Stone in Project Zero's third annual review of exploited programming blunders.
A little depressing for network and system defenders, perhaps. However, Stone puts a glass-half-full spin on the numbers: "We believe the large uptick in in-the-wild zero-days in 2021 is due to increased detection and disclosure of these zero-days, rather than simply increased usage of exploits."
In the annual review, Stone highlighted 52 of the exploited zero-day vulns that Googlers tracked.
While Project Zero tracked a record number of exploited zero-day bugs in 2021, there are "key targets" missing from this list, Stone noted.
Unless software vendors pledge to publicly disclose all potentially exploited vulnerabilities, and follow through with this promise, the public doesn't know if a given product has no known security holes under attack - or if the company just isn't sharing that information.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/20/google_zero_days/