Google Experts Found a Record Number of Zero-Day Security Bugs Last Year

Project Zero detected 58 in-the-wild exploits in 2021.

David Anders Senior Writer
David Anders is a senior writer for CNET covering broadband providers, smart home devices and security products. Prior to joining CNET, David built his industry expertise writing for the broadband marketplace Allconnect. In his 5 plus years covering broadband, David's work has been referenced by a variety of sources including ArcGIS, DIRECTV and more. David is from and currently resides in the Charlotte area with his wife, son and two cats.
Expertise Broadband providers | Home internet | Security Cameras
David Anders
2 min read
Getty Images

Project Zero, an in-house team of Google experts and analysts tasked with finding advanced cybersecurity threats known as zero-day vulnerabilities and exploits, detected a record-breaking 58 in-the-wild exploits in 2021, according to a report from the team published Tuesday. 

A zero-day vulnerability refers to security flaws that developers have just become aware of, hence, they've "zero days" to fix or "patch" it. When gone undetected, such flaws could lead to data breaches and ransomware attacks. Last year, Microsoft warned users of zero-day vulnerabilities in Windows 10 and other software, including Microsoft Exchange and Microsoft Office, before promptly issuing security update patches for more than 100 potential risks.

Since forming in 2014, Project Zero's highest number of detected and disclosed zero-day exploits came in 2015 with a total of 28, less than half those detected in 2021. The contrast was even higher year over year, with only 20 zero-day exploits detected and disclosed in 2020.

The spike may indicate a growing trend of cyberattacks, which have risen during the ongoing COVID-19 pandemic and the gaining popularity of cryptocurrency, but Project Zero says the likely culprit is improvements in detecting and reporting zero-day occurrences. The report stated that the vast majority of zero-day exploit uses are "similar to previous [and] publicly known vulnerabilities," with only two events that stood out for its "technological sophistication" or logic. So, in spite of the increase in detected zero-days, your online security doesn't appear to be in any more danger than previous years, at least when it comes to zero-day vulnerabilities.

That's not to minimize the risk of zero-day vulnerabilities, however. Online security is still and always will be a concern for individuals and businesses. One way to protect yourself against malware and ransomware is to ensure your software is up to date -- those patches and updates are released for a reason. Using a good VPN and antivirus software can also help keep your connection safe and secure. In the meantime, Project Zero will continue working towards their goal, which is to simply "make 0-day hard."

Google didn't respond to a request for additional comment.