Friday, June 21, 2024

41 Zero-days Exploited In-the-Wild in 2022 – Google Report

In 2022, the detection of zero-day exploits in the wild decreased by 40% compared to the previous year. 

41 in-the-wild 0-days were detected, the second-highest count since 2014, but lower than the 69 found in 2021.

While a 40% drop appears as a security win but, the reality is more complicated than it seems. Despite the drop, 41 zero days in the wild is significant, and declining numbers don’t necessarily indicate improved product security or better detection by defenders.

41 Zero-days Detected

Google’s 2020 finding of 25% exploited zero-days linked to disclosed vulnerabilities increased to over 40% in 2022, with 17 of 41 zero-days connected. Over 20% were variants of previous zero-days, seven from 2021 and one from 2020.

Detection (Source – Google)

In 2022, 18 organizations were credited across the 41 in-the-wild 0-days, highlighting the importance of a large workforce tackling this problem.

Analyzing 2022 0-days, Google researchers anticipate industry focus in the following areas:-

  • Enhance patching to promptly address variants and n-days posing as 0-days.
  • Platforms adopt browser-like mitigations to reduce the exploitability of entire vulnerability classes.
  • Make sure to increase transparency and collaboration between vendors and defenders to detect exploit chains across multiple products.

The 0-days detected and disclosed in the wild serve as one of many indicators for security experts, who attribute the 40% drop from 2021 to 2022 to a mix of improvements and regressions, leading to a higher-than-average count in 2022.

Gaps between upstream vendors and downstream manufacturers enable n-days to act as 0-days due to the lack of available patches, leaving users with limited defenses. Android experiences more prevalent and extended gaps in such associations.

Zero-Days Platforms (Source – Google)

Alongside the general decrease in detected zero-days, browser zero-days reduced by 42% in 2022, possibly due to increased exploit mitigations by manufacturers and attackers shifting focus to other areas.

In 2022, attackers also favored zero-click exploits, targeting non-browser components like iMessage.

Zero-Days Browsers (Source – Google)

One-click exploits require a visible link that targets must click, potentially detectable by security tools, with the exploits hosted on a server at that link that is navigable.

In the second half of 2023, their 0-days in-the-wild program moves from Project Zero to TAG, combining vulnerability analysis, detection, and threat actor tracking expertise in one team – introducing TAG Exploits.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.


Latest articles

PrestaShop Website Under Injection Attack Via Facebook Module

A critical vulnerability has been discovered in the "Facebook" module (pkfacebook) from for...

Beware Of Illegal OTT Platforms That Exposes Sensitive Personal Information

A recent rise in data breaches from illegal Chinese OTT platforms exposes that user...

Beware Of Zergeca Botnet with Advanced Scanning & Persistence Features

A new botnet named Zergeca has emerged, showcasing advanced capabilities that set it apart...

Mailcow Mail Server Vulnerability Let Attackers Execute Remote Code

Two critical vulnerabilities (CVE-2024-31204 and CVE-2024-30270) affecting Mailcow versions before 2024-04 allow attackers to...

Hackers Attacking Vaults, Buckets, And Secrets To Steal Data

Hackers target vaults, buckets, and secrets to access some of the most classified and...

Hackers Weaponizing Windows Shortcut Files for Phishing

LNK files, a shortcut file type in Windows OS, provide easy access to programs,...

New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document

Researchers discovered a new malware loader named SquidLoader targeting Chinese organizations, which arrives as...
Guru baran
Guru baran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Free Webinar

API Vulnerability Scanning

71% of the internet traffic comes from APIs so APIs have become soft targets for hackers.Securing APIs is a simple workflow provided you find API specific vulnerabilities and protect them.In the upcoming webinar, join Vivek Gopalan, VP of Products at Indusface as he takes you through the fundamentals of API vulnerability scanning..
Key takeaways include:

  • Scan API endpoints for OWASP API Top 10 vulnerabilities
  • Perform API penetration testing for business logic vulnerabilities
  • Prioritize the most critical vulnerabilities with AcuRisQ
  • Workflow automation for this entire process

Related Articles