Google’s Project Zero team has published its findings for 0-day exploits in the year 2021. It detected the most 0-days in this year but some positive insights that can be drawn too.
Google’s Project Zero security team has published its annual report on 0-day exploits, covering the year 2021. It has also compared this information against its historical data, dating back to 2014. Its analysis has resulted in a bunch of interesting insights and questions in this domain. For starters, Google Project Zero detected 58 0-day exploits in 2021, this is a record high since the team started tracking this metric in 2014. It is also important to note that only 25 0-day exploits were detected in 2020. That said, this does not necessarily mean that attackers have become more active and successful. Google says that attack patterns and surfaces have remained mostly static in 2021 – barring a couple of novel 0-days – so it believes that the record high figure is actually due to increased detection and disclosure. Google praised Microsoft, Apple, Apache, and its own Chromium and Android teams for publicly disclosing vulnerabilities in security bulletins in their own products during 2021. It also noted that exploits were detected and disclosed in Qualcomm and ARM products too, but it’s unfortunate that these were not detailed in the vendors’ own advisories.
