Google’s Project Zero found over twice as many exploits in 2021

Project Zero, Google’s in-house team of experts tasked with finding zero-day exploits, reports that it found over twice as many in 2021 as in 2020.

According to the team’s annual report, it found a record 58 zero-day exploits in 2021. That’s over double the 25 it detected in 2020 and the previous record of 28 detected in 2015.

While such a large uptick may cause alarm, Google puts a positive spin on the news.

“We believe the large uptick in in-the-wild 0-days in 2021 is due to increased detection and disclosure of these 0-days, rather than simply increased usage of 0-day exploits,” wrote Maddie Stone, Project Zero Security Researcher at Google.

Google also notes that, of the 58 zero-day exploits it found in 2021, just two “stood out as novel: one for the technical sophistication of its exploit and the other for its use of logic bugs to escape the sandbox.”

The remaining 56 zero-day exploits were similar to previous and publicly-known vulnerabilities.

However, that’s no reason to become complacent. We’ve seen numerous large attacks using zero-day vulnerabilities over the past couple of years.

“2021 highlighted just how important it is to stay relentless in our pursuit to make it harder for attackers to exploit users with 0-days,” adds Stone.

“We’ve heard over and over and over how governments were targeting journalists, minority populations, politicians, human rights defenders, and even security researchers around the world.”

Last year, Microsoft warned of zero-day vulnerabilities in Windows 10, Exchange, Office, and more, ultimately issuing patches for over 100 potential risks. Apple’s platforms haven’t been spared either; over the past few months alone, it has had to rush out multiple updates to patch various zero-day exploits.

We may never achieve zero zero-day exploits, but faster discovery and patching is the next best thing.

“We want it to be more costly, more resource-intensive, and overall more difficult for attackers to use 0-day capabilities,” Stone summarizes.
