Researchers at the tech giant Google identified and reportedly fixed four zero-day vulnerabilities affecting its own Chrome browser, Microsoft’s Internet Explorer and Apple’s Safari which may have put user data at risk.
The Trio patched the bugs as soon as Google’s Threat Analysis Group (TAG) reported the vulnerabilities.
In its statement to the media, Google stated that “The four exploits were used as a part of three different campaigns. As is our policy, after discovering these zero-days, we quickly reported to the vendor and patches were released to users to protect them from these attacks.”
The software giant reported that “We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors.”
2021 has seen a rise in the number of publicized zero-day exploits which have been used in attacks with 33 zero-day exploits being revealed, 11 more than the total number from 2020.
“The attackers behind zero-day exploits generally want their zero-days to stay hidden and unknown because that’s how they’re most useful,” Google revealed.
Earlier this year, iPhone maker Apple began revealing vulnerabilities in their security bulletins to include notes if there is reason to believe that a vulnerability may be exploited on the internet.
“When vendors don’t include these annotations, the only way the public can learn of the in-the-wild exploitation is if the researcher or group who knows of the exploitation publishes the information themselves,” the TAG team added.
“Increasing our detection of zero-day exploits is a good thing — it allows us to get those vulnerabilities fixed and protect users, and gives us a fuller picture of the exploitation that is actually happening so we can make more informed decisions on how to prevent and fight it,” the Google researchers noted.