Security News > 2022 > April > Google tracked record 58 exploited-in-the-wild zero-day security holes in 2021
Google's bug hunters say they spotted 58 zero-day vulnerabilities being exploited in the wild last year, which is the most-ever recorded since its Project Zero team started analyzing these in mid-2014.
"With this record number of in-the-wild zero-days to analyze we saw that attacker methodology hasn't actually had to change much from previous years," wrote Google security researcher Maddie Stone in Project Zero's third annual review of exploited programming blunders.
A little depressing for network and system defenders, perhaps, however Stone puts a glass-half-full spin on the numbers: "We believe the large uptick in in-the-wild zero-days in 2021 is due to increased detection and disclosure of these zero-days, rather than simply increased usage of exploits."
In the annual review, Stone highlighted 52 of the zero-day exploited vulns that Googlers tracked.
While Project Zero tracked a record number of exploited zero-day bugs in 2021, there are "Key targets" missing from this list, Stone noted.
Unless software vendors pledge to publicly disclose all potentially exploited vulnerabilities, and follow through with this promise, the public doesn't know if a given product has no known security holes under attack - or if the company just isn't sharing that information.
News URL
https://go.theregister.com/feed/www.theregister.com/2022/04/20/google_zero_days/
Related news
- 3 Actively Exploited Zero-Day Flaws Patched in Microsoft's Latest Security Update (source)
- Google fixes Android kernel zero-day exploited in attacks (source)
- Google Patches 47 Android Security Flaws, Including Actively Exploited CVE-2024-53104 (source)
- Google patches odd Android kernel security bug amid signs of targeted exploitation (source)
- Google Chrome's AI-powered security feature rolls out to everyone (source)