In a recent report, Google Project Zero pointed out that 58 zero-day vulnerabilities were reported as exploited during 2021, a record in the short time that this specialized team has been tracking this kind of flaw. In this report, the researchers noted that the number of exploited zero-day flaws has doubled since 2020.
Against this background, Project Zero believes that the cybersecurity industry must adopt a more proactive approach to avoid the exploitation of these flaws: “The decisions we make in the security and technology communities can have a real impact on society and the lives of our peers,” say the researchers.
In their report, the Project Zero researchers reference the work of security firm Citizen Lab, which earlier in the week also issued a report on zero-day bugs exploited by commercial firms NSO Group and Candiru. These companies have been linked to zero-day exploitation campaigns to spy on people of interest in Catalonia, an autonomous region of Spain.
On the notable increase in the exploitation of these flaws, Google believes that this is due to improvements in detection and disclosure systems, not necessarily an increase in zero-day flaws: “Attackers are succeeding using the same error patterns and exploitation techniques and chasing the same attack surfaces.” “He believes that this is due to the same number of flaws,” adds researcher Maddie Stone.
Among the 58 vulnerabilities reported by Google, 39 are memory corruption errors, 17 use-after-free errors, 6 out-of-bounds read and write flaws, 4 buffer overflow errors, and 4 integer overflow errors.
Project Zero also put together a list of affected platforms, highlighting Chromium: “Chromium had a record number of zero-day flaws detected and disclosed in 2021, with 14. Of these flaws, 10 were remote renderer code execution errors, 2 sandbox leaks, one more information leak, and one more flaw that can be exploited to open a web page in Android applications other than Google Chrome,” the report states.