Written by AJ Vicens
Apr 19, 2022 | CYBERSCOOP
Researchers at Google’s Project Zero said they tracked 58 cases of zero-day exploits “in the wild” in 2021 — the most ever detected and disclosed in a single year since the group began its work in mid-2014.
The 2021 total is more than double the previous maximum, 28, tracked in 2015. And it’s “especially stark when you consider that there were only 25 detected in 2020,” Maddie Stone, a security researcher with Project Zero, wrote in findings posted to the group’s website Tuesday.
New software bugs are discovered, publicly disclosed and patched all the time, often before malicious hackers can take advantage of them. Project Zero is primarily concerned, however, with the vulnerabilities that attackers discover and exploit first — the ones that software companies have had “zero days” to patch.
The good news about the 2021 total, according to Stone, is that the higher number is likely due to increased detection and disclosure of zero-day exploits, rather than increased use of them.
The bad news, however, is that “attacker methodology hasn’t actually had to change much from previous years,” Stone wrote. “Attackers are having success using the