Google’s Project Zero has been particularly effective in 2021. The team of researchers has indeed identified no less than 58 zero-day flaws throughout the year, twice as many as in 2020. According to the firm, this confirms that it is getting harder and harder for hackers to exploit them for malicious purposes.
Zero-day vulnerabilities are probably the biggest digital threat today. As a reminder, these are unknown vulnerabilities to the battalion among the manufacturers, which hackers can therefore exploit for a potentially long time before it is patched. There is therefore a merciless battle between hackers and cybersecurity experts, who will find these famous zero-day flaws first.
Aware of the essential stake of these vulnerabilities, Google has set up a team called Project Zero specially dedicated to the search for zero-day vulnerabilities. Precisely, in 2021, the latter was particularly effective. Indeed, in a recent blog post, the firm reveals with detected a total of 58 zero-day flaws throughout the year.
On the same subject: Chrome 95 — Google urgently fixes two zero-day flaws, install the update quickly
Google is unbeatable at finding zero-day vulnerabilities
If, at first glance, this figure does not seem that impressive, it should be put into context. First, this is double the vulnerabilities spotted by Project Zero in 2020. Also, as said before, zero-day vulnerabilities are as rare as they are valuable. 58, so that’s the number of those vulnerabilities that could never fall into the hands of the wrong people.
On the same subject: Google Chrome – a gigantic flaw affects 3.2 billion users, install the update quickly!
One could then think that the increase in these discoveries is not a very good sign for users. On the contrary, Google clarifies that this increase is due to the improvement of its search techniques, and not to a growing risk for the security of the devices. Furthermore, only two of the 58 flaws were actually new. The others were just variations of already known vulnerabilities.
Otherwise, and this is bad news, hackers don’t have to work as hard as before to exploit zero-day vulnerabilities. Moreover, those discovered by Google are far from encompassing the entire digital sphere. WhatsApp, Signal and Telegram, for example, did not report any of these flaws in all of 2021, suggesting that these companies are not specifically looking to find them before hackers.
Source: Google