Virtual Event Today: Supply Chain Security Summit - Register Now

Security Experts:

Connect with us

Hi, what are you looking for?


Malware & Threats

Google Starts Tracking Zero-Days Exploited in the Wild

Google Project Zero has started tracking zero-day vulnerabilities exploited in attacks before the impacted vendor released patches.

Google Project Zero has started tracking zero-day vulnerabilities exploited in attacks before the impacted vendor released patches.

The new project, named 0Day ‘In the Wild’, is basically a spreadsheet that Project Zero uses to track vulnerabilities exploited before they became known to the public or the vendor.

The spreadsheet currently lists over 100 vulnerabilities exploited in the wild since 2014. The table includes the flaw’s CVE identifier, impacted vendor, impacted product, the type of vulnerability, a brief description, the date of its discovery, the date when a patch was released, a link to the official advisory, a link to a resource analyzing the flaw, and information on attribution.

The list currently includes vulnerabilities affecting products from Facebook, Microsoft, Google, Apple, Adobe, Mozilla, Cisco, Oracle, IBM and Ghostscript. The zero-days are believed to have been exploited, among others, by APT3, FruityArmor, ScarCruft (APT37), BlackOasis, APT28 (Fancy Bear, Sofacy), Equation Group, AdGholas, APT31, Sandworm, Animal Farm, and the controversial spyware makers NSO Group and Hacking Team.

It’s worth noting that the project does not track every single zero-day exploited in the wild and instead focuses on software that is covered by Project Zero research. For instance, zero-days in the InPage word processor, which is mostly used by people who speak Urdu and Arabic, are not included.

It also doesn’t cover exploits for software that has reached end of life (EOL) by the time it’s discovered, such as the ExplodingCan exploit leaked by Shadow Brokers and patched in 2017, or flaws exploited between the time their details became public and the release of a patch, such as the Windows flaw disclosed in August 2018 by a frustrated researcher on Twitter.

“This data is collected from a range of public sources,” explained Project Zero’s Ben Hawkes. “We include relevant links to third-party analysis and attribution, but we do this only for your information; their inclusion does not mean we endorse or validate the content there. The data described in the spreadsheet is nothing new, but we think that collecting it together in one place is useful.”

The data collected so far shows that, on average, an in-the-wild exploit is identified every 17 days, that it takes vendors 15 days to patch an actively exploited flaw, that a detailed technical analysis is published for nearly 90 percent of zero-days, and memory corruption bugs are the root cause of roughly two-thirds of these vulnerabilities.

Related: Google Project Zero Discloses New Linux Kernel Flaw

Related: Google Spots Attacks Exploiting iOS Zero-Day Flaws

Related: Researcher Finds Novel Bug Class in Windows Kernel

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Application Security

Drupal released updates that resolve four vulnerabilities in Drupal core and three plugins.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.