Forty-one actively exploited zero-day vulnerabilities were detected and disclosed in 2022, down from 69 zero-days in 2021, according to Google’s fourth annual review of zero-day flaws exploited in the wild.
However, Maddie Stone of Google’s Threat Analysis Group warns that while a 40% drop might seem significant, the picture is more complicated and the decrease in numbers does not necessarily mean that product security is getting better.
The report says that more than 40% of zero-day vulnerabilities discovered in 2023 were variants of previously disclosed flaws, including seven from 2021 and one from 2020.
“Two key factors contributed to the higher than average number of in-the-wild 0-days for 2022: vendor transparency and variants. The continued work on detection and transparency from vendors is a clear win, but the high percentage of variants that were able to be used in-the-wild as 0-days is not great,” Maddie Stone wrote in a blog post.
Another issue the report highlights relates to so-called N-days: exploited vulnerabilities that have a patch available. The problem here is that, due to long patching times, many N-day vulnerabilities function on Android as zero-days, exposing users to a risk of attacks.
Google also reported a 42% decline in the number of detected in-the-wild 0-days targeting browsers from 2021 to 2022, dropping from 26 to 15. The researchers believe that this is a result of browser makers’ efforts to make exploitation more difficult, as well as a shift in attacker behavior away from browsers towards 0-click exploits that target other components on the device.
“Many attackers have been moving towards 0-click rather than 1-click exploits. 0-clicks usually target components other than the browser. In addition, all major browsers also implemented new defenses that make exploiting a vulnerability more difficult and could have influenced attackers moving to other attack surfaces,” Maddie Stone wrote.
“When a 0-day is caught in the wild it’s a gift. Attackers don’t want us to know what vulnerabilities they have and the exploit techniques they’re using. Defenders need to take as much advantage as we can from this gift and make it as hard as possible for attackers to come back with another 0-day exploit,” she added.