Google researchers discover new zero-day attack vectors

Get a free Techzine subscription!

They found malware campaigns that exploited previously unknown flaws in Google Chrome, Internet Explorer and WebKit.

Google released information this week about four zero-day security vulnerabilities that they found “in the wild” earlier this year. Google’s Threat Analysis Group (TAG) and Project Zero researchers discovered the vulnerabilities. Google’s TAG actively works to detect hacking attempts and influence operations to protect users from digital attacks. This includes hunting for these types of vulnerabilities because they can be particularly dangerous when exploited. They also have a high rate of success.

The four zero-days were part of three malware campaigns. They exploited previously unknown flaws in Google Chrome, Internet Explorer, and WebKit, the browser engine used by Apple’s Safari. Zero-day vulnerabilities are unknown software flaws. Until they’re identified and fixed, attackers can exploit them.

TAG researchers Maddie Stone and Clement Lecigne detailed their findings in a blog post. They claim three of the exploits come from the same commercial surveillance company that sold these capabilities to two different “government-backed actors.”

Why So Many 0-days?

The attackers behind 0-day exploits generally want their 0-days to stay hidden and unknown, according to the TAG team. This makes the attacks most useful. But they say there are multiple factors that could be contributing to the uptick in the number of 0-days appearing in-the-wild.

A major factor could be a jump in utilization. Simply put, there could be more 0-day attacks emerging simply because there are more of them out there.

“Those of us working on protecting users from 0-day attacks have long suspected that overall, the industry detects only a small percentage of the 0-days actually being used,” the TAG team writes.

“Increasing our detection of 0-day exploits is a good thing,” they write. “It allows us to get those vulnerabilities fixed and protect users, and gives us a fuller picture of the exploitation that is actually happening.”

This, they say, helps us “make more informed decisions on how to prevent and fight it.”