Google detects the most zero-day exploits ever in 2021

Google’s Project Zero team found a record number of zero-day exploits in 2021. The team shared its findings in a blog and mentioned that it discovered 58 security vulnerabilities in the last year.

A zero-day vulnerability, at its core, is a flaw. It is an unknown exploit, possibly floating in the wild for a while, that exposes a vulnerability in software or hardware. These exploits can create disruptions to systems and businesses well before anyone realizes something is wrong.

Google set up the Project Zero team in 2014, and within a year, it reported over 28 zero-day exploit vulnerabilities. In 2020, these were reduced to 25 but in 2021, the tech major detected the maximum number of zero-day exploits so far.

Maddie Stone, a Security Researcher on Google Project Zero explained in the blog that a growing number of cyber-attacks and the popularity of cryptocurrency can be the reasons behind this spike.

The Project Zero team also believes the improvement in its detection of zero-day exploits means more such issues are coming to the forefront.

The researcher also mentioned that post the Covid-19 pandemic, businesses have faced more cyberattacks, as the work-from-home or remote setup is not conducive to strong security measures. 

In addition to that, Project Zero says that higher activities like crypto mining, and increased digitization of businesses, have made them easy targets for such zero-day exploits.

Some of last year’s biggest targets included Apple’s iOS and MacOS, Microsoft Windows and Exchange, and Google itself, which recorded a record 14 zero-days in its browser Chrome that's up from seven in 2020. Google’s Android, meanwhile, saw seven zero-days.

“While we believe there has been a steady growth in interest and investment in zero-day exploits by attackers in the past several years, and that security still needs to urgently improve, it appears that the security industry’s ability to detect and disclose in-the-wild zero-day exploits is the primary explanation for the increase in observed 0-day exploits in 2021,” said the researcher.

In general, companies seem to be getting better at disclosing their security issues to the public. Having said that, “there is still plenty more work to do,” Stone said, adding that customers need to keep strong hygiene of their systems, keep them secure by updating to the latest software patches, and not access links or websites that may have come from unknown sources.