Google team helps Apple, Microsoft fix zero-day bugs in browsers

Zero-day vulnerabilities are unknown software flaws

Google team helps Apple, Microsoft fix zero-day bugs in browsers

Photo for representation only. Source: iStock.

New Delhi, July 16

Google researchers have discovered four zero-day vulnerabilities in Chrome browser, Microsoft's Internet Explorer and Apple's Safari that might have put users' data at risk.

After the vulnerabilities were disclosed by Google's Threat Analysis Group (TAG), Apple, Microsoft and Google quickly patched those bugs.

Zero-day vulnerabilities are unknown software flaws. Until they're identified and fixed, they can be exploited by attackers.

"The four exploits were used as a part of three different campaigns. As is our policy, after discovering these zero-days, we quickly reported to the vendor and patches were released to users to protect them from these attacks," Google said in a statement.

"We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors," the company informed.

In the first six months this year, there have been 33 zero-day exploits used in attacks that have been publicly disclosed this year — 11 more than the total number from 2020.

There is not a one-to-one relationship between the number of zero-days being used in-the-wild and the number of zero-days being detected and disclosed as in-the-wild.

"The attackers behind zero-day exploits generally want their zero-days to stay hidden and unknown because that's how they're most useful," Google said.

This year, Apple began annotating vulnerabilities in their security bulletins to include notes if there is reason to believe that a vulnerability may be exploited in-the-wild and Google added these annotations to their Android bulletins.

"When vendors don't include these annotations, the only way the public can learn of the in-the-wild exploitation is if the researcher or group who knows of the exploitation publishes the information themselves," the TAG team added.

Google said that improvements in detection and a growing culture of disclosure likely contribute to the significant uptick in zero-days detected in 2021 compared to 2020, but reflect more positive trends.

"Increasing our detection of zero-day exploits is a good thing—it allows us to get those vulnerabilities fixed and protect users, and gives us a fuller picture of the exploitation that is actually happening, so we can make more informed decisions on how to prevent and fight it," the researchers noted. — IANS

Top Stories

SC to hear pleas seeking probe into Pegasus snooping row on Thursday

SC to hear pleas seeking probe into Pegasus snooping row on Thursday

Bench comprising Chief Justice N.V. Ramana and Justice Surya...

Gutsy Satish Kumar’s debut Olympics ends with loss to world champ Jalolov in quarterfinals

Gutsy Satish Kumar’s debut Olympics ends with loss to world champ Jalolov in quarterfinals

With this the Indian men’s boxing campaign came to an end in...

10-hour talks at Moldo as India, China discuss pullback of troops

10-hour talks at Moldo as India, China discuss pullback of troops

Gogra, Hot Springs, Depsang friction points

541 die in 24 hours as India records 41,831 new Covid-19 cases

541 die in 24 hours as India records 41,831 new Covid-19 cases

Tally reaches 3,16,55,824; death toll climbs to 4,24,351 wit...

No confusion, Navjot Singh Sidhu runs party, I head govt: Capt Amarinder Singh

No confusion, Navjot Singh Sidhu runs party, I head govt: Capt Amarinder Singh

Amarinder dispels talk of two power centres in state

Cities

View All