Google finds zero-day security flaws in all your favorite browsers

(Image credit: Shutterstock)

Cybersecurity researchers at Google have shared insight into four zero-day security vulnerabilities in popular web browsers which were exploited in the wild earlier this year.

DIscovered by Google's Threat Analysis Group (TAG), the four vulnerabilities in Google Chrome, Internet Explorer, and WebKit, the browser engine used by Apple's Safari, were used as a part of three different campaigns. 

“We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors,” share TAG members Maddie Stone and Clement Lecigne.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

In addition to breaking down the vulnerabilities, the researchers also note that there has been a definite increase in the number of attacks based on zero-day exploits.

Improved detection

So far this year there have been 33 publicly disclosed zero-day exploits used in attacks that have been publicly disclosed this year, share the researchers. To put it into perspective, a grand total of 22 were discovered in the whole of 2020. 

However, the marked increase could just be a sign of vendors being more forthcoming about disclosing zero-day vulnerabilities and exploits in their products.

Interestingly, the researchers note that even a genuine increase in the number of zero-day exploits isn’t always a bad thing. They reason that it is the maturing of security products that can thwart most attempts to install malware on a victim’s computer, which is forcing threat actors to rely on zero-day vulnerabilities for conducting attacks.

They also note that until the last decade, only selection nation states had the technical expertise to detect and weaponize zero-day vulnerabilities. 

However, leaning on the example of the four vulnerabilities discussed in their post, the researchers argue that these days a majority of the zero-days vulnerabilities are discovered and exploited by private players who then hawk them to state-sponsored actors for their malicious activities.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.