Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Google Starts Tracking Zero-Days Exploited in the Wild

Google Project Zero has started tracking zero-day vulnerabilities exploited in attacks before the impacted vendor released patches.

Google Project Zero has started tracking zero-day vulnerabilities exploited in attacks before the impacted vendor released patches.

The new project, named 0Day ‘In the Wild’, is basically a spreadsheet that Project Zero uses to track vulnerabilities exploited before they became known to the public or the vendor.

The spreadsheet currently lists over 100 vulnerabilities exploited in the wild since 2014. The table includes the flaw’s CVE identifier, impacted vendor, impacted product, the type of vulnerability, a brief description, the date of its discovery, the date when a patch was released, a link to the official advisory, a link to a resource analyzing the flaw, and information on attribution.

The list currently includes vulnerabilities affecting products from Facebook, Microsoft, Google, Apple, Adobe, Mozilla, Cisco, Oracle, IBM and Ghostscript. The zero-days are believed to have been exploited, among others, by APT3, FruityArmor, ScarCruft (APT37), BlackOasis, APT28 (Fancy Bear, Sofacy), Equation Group, AdGholas, APT31, Sandworm, Animal Farm, and the controversial spyware makers NSO Group and Hacking Team.

It’s worth noting that the project does not track every single zero-day exploited in the wild and instead focuses on software that is covered by Project Zero research. For instance, zero-days in the InPage word processor, which is mostly used by people who speak Urdu and Arabic, are not included.

It also doesn’t cover exploits for software that has reached end of life (EOL) by the time it’s discovered, such as the ExplodingCan exploit leaked by Shadow Brokers and patched in 2017, or flaws exploited between the time their details became public and the release of a patch, such as the Windows flaw disclosed in August 2018 by a frustrated researcher on Twitter.

“This data is collected from a range of public sources,” explained Project Zero’s Ben Hawkes. “We include relevant links to third-party analysis and attribution, but we do this only for your information; their inclusion does not mean we endorse or validate the content there. The data described in the spreadsheet is nothing new, but we think that collecting it together in one place is useful.”

The data collected so far shows that, on average, an in-the-wild exploit is identified every 17 days, that it takes vendors 15 days to patch an actively exploited flaw, that a detailed technical analysis is published for nearly 90 percent of zero-days, and memory corruption bugs are the root cause of roughly two-thirds of these vulnerabilities.

Related: Google Project Zero Discloses New Linux Kernel Flaw

Related: Google Spots Attacks Exploiting iOS Zero-Day Flaws

Related: Researcher Finds Novel Bug Class in Windows Kernel

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Malware & Threats

Microsoft plans to improve the protection of Office users by blocking XLL add-ins from the internet.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.

IoT Security

Lexmark warns of a remote code execution (RCE) vulnerability impacting over 120 printer models, for which PoC code has been published.

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Email Security

Microsoft is urging customers to install the latest Exchange Server updates and harden their environments to prevent malicious attacks.


Security researchers have observed an uptick in attacks targeting CVE-2021-35394, an RCE vulnerability in Realtek Jungle SDK.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.