Google Project Zero discovered more zero-day vulnerabilities in Internet browsers in 2021. The Chrome browser was at particular risk.
Google Project Zero hunts for vulnerabilities. Developers are notified and given a 90-day window to fix the issue. Throughout 2021, fourteen Google Chrome threats came to light. Safari’s WebKit engine totalled nine; Internet Explorer featured four.
The total number of vulnerabilities increased compared to 2020, when only fourteen zero-day exploits were found. Chrome had the most issues in both 2021 and 2020.
The researchers state that the growth is partly due to more browser developers publicly disclosing the vulnerabilities they find.
Additionally, browsers are becoming more secure, boosting the value of zero-day exploits and thereby the demand for them. Interest in zero-day exploits grows in parallel with the development of browser security.
Furthermore, hackers are increasingly looking for vulnerabilities in the source code of browsers. This is a necessity, as Adobe Flash Player, the former key attack vector for browsers, is no longer supported.
Finally, Chromium is increasingly popular. Chromium lends itself to integrating Flash players, PDF readers and automated updates. It’s used by Opera, Vivaldi, Brave and Microsoft Edge, among others. By targeting Chromium, hackers effectively target a broad range of browsers.