41 Zero-days Exploited In-the-Wild in 2022 – Google Report

In 2022, the detection of zero-day exploits in the wild decreased by 40% compared to the previous year. 

41 in-the-wild 0-days were detected, the second-highest count since 2014, but lower than the 69 found in 2021.

While a 40% drop appears as a security win but, the reality is more complicated than it seems. Despite the drop, 41 zero days in the wild is significant, and declining numbers don’t necessarily indicate improved product security or better detection by defenders.

41 Zero-days Detected

Google’s 2020 finding of 25% exploited zero-days linked to disclosed vulnerabilities increased to over 40% in 2022, with 17 of 41 zero-days connected. Over 20% were variants of previous zero-days, seven from 2021 and one from 2020.

Detection (Source – Google)

In 2022, 18 organizations were credited across the 41 in-the-wild 0-days, highlighting the importance of a large workforce tackling this problem.

Analyzing 2022 0-days, Google researchers anticipate industry focus in the following areas:-

  • Enhance patching to promptly address variants and n-days posing as 0-days.
  • Platforms adopt browser-like mitigations to reduce the exploitability of entire vulnerability classes.
  • Make sure to increase transparency and collaboration between vendors and defenders to detect exploit chains across multiple products.

The 0-days detected and disclosed in the wild serve as one of many indicators for security experts, who attribute the 40% drop from 2021 to 2022 to a mix of improvements and regressions, leading to a higher-than-average count in 2022.

Gaps between upstream vendors and downstream manufacturers enable n-days to act as 0-days due to the lack of available patches, leaving users with limited defenses. Android experiences more prevalent and extended gaps in such associations.

Zero-Days Platforms (Source – Google)

Alongside the general decrease in detected zero-days, browser zero-days reduced by 42% in 2022, possibly due to increased exploit mitigations by manufacturers and attackers shifting focus to other areas.

In 2022, attackers also favored zero-click exploits, targeting non-browser components like iMessage.

Zero-Days Browsers (Source – Google)

One-click exploits require a visible link that targets must click, potentially detectable by security tools, with the exploits hosted on a server at that link that is navigable.

In the second half of 2023, their 0-days in-the-wild program moves from Project Zero to TAG, combining vulnerability analysis, detection, and threat actor tracking expertise in one team – introducing TAG Exploits.

Keep yourself informed about the latest Cyber Security News by following us on GoogleNewsLinkedinTwitter, and Facebook.

Gurubaran

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Recent Posts

Attackers Exploit BIND DNS Server Vulnerability to Crash Servers Using Malicious Packets

The vulnerability in BIND DNS server software allowed attackers to crash DNS servers by sending…

5 minutes ago

New Process Injection Technique Evades EDR by Injecting Malicious Code into Windows Processes

Researchers revealed this method exploits shared memory regions and thread context manipulation to execute malicious…

8 minutes ago

ThreatBook Recognized as a Notable Vendor in Global Network Analysis and Visibility (NAV) Report

ThreatBook, a global leader cyber threat and response solutions backed by threat intelligence and AI,…

3 hours ago

Hackers Target Mobile Users Using PWA JavaScript to Bypass Browser Security

A sophisticated new injection campaign has been uncovered, targeting mobile users through malicious third-party JavaScript…

15 hours ago

Docker Zombie Malware Infects Containers for Crypto Mining and Self-Replication

A novel malware campaign targeting containerized infrastructures has emerged, exploiting insecurely exposed Docker APIs to…

15 hours ago

Hackers Masquerade as Organizations to Steal Payroll Logins and Redirect Payments from Employees

ReliaQuest, hackers have deployed a cunning search engine optimization (SEO) poisoning scheme to orchestrate payroll…

15 hours ago