web analytics
Home » Technology » Google » Google Project Zero saw record zero-days in 2021

Google Project Zero saw record zero-days in 2021

Project Zero from the California search engine giant is a team of Google security experts who keep their own and external threats under control. And in 2021, the gap hunters were busier than ever, recording a record number of zero-day exploits.

Google recently held its annual report published on the security gaps and threats that plagued the technology world last year – and there were quite a few, yes, more can be talked about than ever. First, the Californians explain the goal: “The purpose of this report is not to detail each individual exploit, but to analyze the exploits of the year as a group and look for trends, gaps, lessons, successes, etc.”

Duplication of detected exploits

Last year there was a veritable explosion of 0-day exploits, according to Google Project Zero, a total of 58 such serious gaps could be counted by 2021. That is more than twice as many as in 2020 when there were “only” 25 zero days. However, this does not necessarily mean that the attackers have become more active and successful.

Despite this high number, according to Google, there is not necessarily cause for concern or even panic. Because the good news, according to Project Zero, is that the attackers’ methodology hasn’t changed significantly from previous years: “Attackers succeed if they use the same error patterns and exploit techniques and target the same attack surfaces.” However, this also means that the security industry can detect 0-day scenarios faster and respond better to them. At the same time, Google warns that one can and should rest on its laurels.

Praise Microsoft, and Apple

Google also praised its own teams, as well as partners and competitors: Microsoft, Apple, Apache, and its own Chromium and Android teams did a great job in exposing security gaps in their respective products in 2021.

But not all of them were praised: gaps were also discovered and published in Qualcomm and ARM, but the manufacturers themselves didn’t say anything about it in their own security reports. Most of the 0 days were detected in Chromium, 14 to be exact. Apple’s WebKit came up with seven gaps, the long-defunct Internet Explorer still managed four. Windows had ten zero-days, Android had seven exploits, Microsoft Exchange Server five, iOS four, and there was one hole in macOS.