Project Zero, an in-house team of Google experts and analysts tasked with finding zero-day vulnerabilities and exploits, detected a record-breaking 58 in-the-wild exploits in 2021, according to a report from the team published Tuesday.
A zero-day vulnerability refers to security flaws that developers have just become aware of, hence, they’ve “zero days” to fix or “patch” it. Since forming in 2014, Project Zero’s highest number of detected and disclosed zero-day exploits came in 2015 with a total of 28, less than half than those detected in 2021. The contrast was even higher year over year, with only 20 zero-day exploits detected and disclosed in 2020.
Project Zero said that improvements in detecting and disclosing zero-days is the most probable cause for the large uptick in 2021, rather than increased usage of zero-day exploits. Still, the report acknowledges there is further work to do towards the team’s goal, which is to simply “make 0-day hard.”
Google didn’t immediately respond to a request for additional comment.
More to come.