Google team helps Apple, Microsoft fix browser zero-day bugs


New Delhi: Google researchers have discovered four zero-day vulnerabilities in Chrome browsers, Microsoft’s Internet Explorer, and Apple’s Safari that could compromise user data.

After the vulnerability was disclosed by Google’s Threat Analysis Group (TAG), Apple, Microsoft, and Google quickly patched these bugs.

Zero-day vulnerabilities are unknown software flaws. It can be exploited by an attacker until they are identified and fixed.

“The four exploits were used as part of three different campaigns. Similar to Google’s policy, immediately report these zero-day attacks to vendors and protect users from these attacks. A patch for this has been released to users, “Google said in a statement.

“Three of these exploits are rated as being developed by the same commercial surveillance company that sold these features to two different government-sponsored parties,” the company said.

In the first six months of this year, 33 zero-day exploits were used in the attacks published this year, 11 more than the total in 2020.

There is no one-to-one relationship between the number of zero-days used in the wild and the number of zero-days detected and disclosed in the wild.

“The attackers behind zero-day exploits generally want to hide zero-days and leave them unknown, as zero-days are most useful,” Google said.

This year, Apple began annotating security bulletins with vulnerabilities, and Google added these annotations to Android bulletins, including notes if there was reason to believe that the vulnerabilities could actually be exploited. ..

“If the vendor does not include these annotations, the only way the public can know about wild exploitation is for researchers or groups who know the exploitation to publish the information themselves,” said the TAG team. Added.

Google said improved detection and growth in the culture of disclosure are likely to contribute to a significant increase in zero-days detected in 2021 compared to 2020, but reflects a more positive trend. ing.

“It’s good to increase the detection of zero-day exploits. This will fix these vulnerabilities to protect users and give you a complete picture of the exploits that are actually occurring, so…

Source…