Google Project Zero Detected A Record Number Of Zero Day Threats In 2021

As we have alluded to in numerous recent posts, security and malware-related alerts arrive almost weekly, if not more frequently. According to Google's Project Zero, a whopping 58 zero day exploits were found in 2021. That works out to about 1.12 new zero day exploits a week.

Project Zero is an initiative from Google meant to track zero day exploits and publicize information on how to avoid them. Unfortunately, in 2021 the project found more than double the number found in the previous year.

"2021 included the detection and disclosure of 58 in-the-wild zero days, the most ever recorded since Project Zero began tracking in mid-2014. That’s more than double the previous maximum of 28 detected in 2015 and especially stark when you consider that there were only 25 detected in 2020." says the report.

The summary points out that the discovery of these exploits does not necessarily mean that all of them were utilized. However, for the ones found to have been used with malicious intent, the method of attack seemed mostly the same as, or similar to, what was reported in previous years. Those methods were usually things such as social engineering or false apps. Additionally, while the data shows more than double the exploits in 2021, that may be due to better reporting from vendors in the market, including Apple and Google themselves.

The report specifically thanks Google Chrome, Microsoft, and Adobe for ensuring that they have had security bulletins with proper reporting IDs for years (the IDs assigned to zero days are often prefixed with "CVE"). Apache has also stepped up its CVE reporting game, though this is likely thanks to the massive security flaw found in Apache's Log4j.

As would be expected, the report mentions that many of the most popular applications or operating systems were common targets of zero day exploits. The following is a quick summary of them.
  • Google Chrome: 14
  • Safari: 7
  • Internet Explorer: 4
  • Windows: 10
  • macOS & iOS Combined: 5
  • Android: 7
  • Microsoft Exchange Server: 5

While exploits and vulnerabilities like this can be scary, in most cases all that matters for users is being wary. If you're not sure you trust an e-mail, a download, or a social network post, just don't interact. If you are on a system where anti-malware is recommended, go ahead and make sure you keep it up to date.

Of course, with any software, make sure you stay as up-to-date as possible. A zero day exploit can be any of a number of problematic exploits of code, and can cause any number of issues. Most commonly they seem to be used to gain elevated permissions on a device, allowing an attacker to install tertiary software and often take remote control or steal data. So, as is effectively always the case on the Internet, just be careful. Check out Project Zero's full summary for all the gory details.