Google finds zero-day security flaws in all your favorite browsers

News
By published

Chrome, Internet Explorer, Safari all found to have zero-day vulnerabilities

security
(Image credit: Shutterstock)

Cybersecurity researchers at Google have shared insight into four zero-day security vulnerabilities in popular web browsers which were exploited in the wild earlier this year.

DIscovered by Google's Threat Analysis Group (TAG), the four vulnerabilities in Google Chrome, Internet Explorer, and WebKit, the browser engine used by Apple's Safari, were used as a part of three different campaigns. 

“We assess three of these exploits were developed by the same commercial surveillance company that sold these capabilities to two different government-backed actors,” share TAG members Maddie Stone and Clement Lecigne.

TechRadar needs you!

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and you can also choose to enter the prize draw to win a $100 Amazon voucher or one of five 1-year ExpressVPN subscriptions.

>> Click here to start the survey in a new window <<

In addition to breaking down the vulnerabilities, the researchers also note that there has been a definite increase in the number of attacks based on zero-day exploits.

Improved detection

So far this year there have been 33 publicly disclosed zero-day exploits used in attacks that have been publicly disclosed this year, share the researchers. To put it into perspective, a grand total of 22 were discovered in the whole of 2020. 

However, the marked increase could just be a sign of vendors being more forthcoming about disclosing zero-day vulnerabilities and exploits in their products.

Interestingly, the researchers note that even a genuine increase in the number of zero-day exploits isn’t always a bad thing. They reason that it is the maturing of security products that can thwart most attempts to install malware on a victim’s computer, which is forcing threat actors to rely on zero-day vulnerabilities for conducting attacks.

They also note that until the last decade, only selection nation states had the technical expertise to detect and weaponize zero-day vulnerabilities. 

However, leaning on the example of the four vulnerabilities discussed in their post, the researchers argue that these days a majority of the zero-days vulnerabilities are discovered and exploited by private players who then hawk them to state-sponsored actors for their malicious activities.

Mayank Sharma
Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.

Read more
A finger touching the google chrome icon in the Windows 10 start menu
A new Chrome browser highjacking attack could affect billions of users - here's how to fight it
Avast cybersecurity
An unpatched Windows zero-day flaw has been exploited by 11 nation-state attackers
An option to add Ambient Music buttons to the iOS 18.4 Control Center.
Apple fixes dangerous zero-day used in attacks against iPhones and iPads
chrome firefox extensions
Google Chrome extensions hit in major attack - dozens of developers affected, so be on your guard
Chrome icon on Android
Google Chrome extensions hack may have started much earlier than expected
A digital representation of a lock
Exploits on the rise: How defenders can combat sophisticated threat actors
Latest in Software & Services
TinEye website
I like this reverse image search service the most
A person in a wheelchair working at a computer.
Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other
This people search finder covers all the bases, but it's not perfect
That&#039;s Them home page
Is That's Them worth it? My honest review
woman listening to computer
AWS vs Azure: choosing the right platform to maximize your company's investment
A person at a desktop computer working on spreadsheet tables.
Trello vs Jira: which project management solution is best for you?
Latest in News
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Samuel and Romy standing very close together in A24&#039;s Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models
Seth Milchick and Kier Eagan&#039;s animatronic speaking in Severance season 2 episode 10
Apple TV+ announces Severance has been renewed for season 3 after that devastating finale
AMD Ryzen AI
New leak suggests AMD's working on an Arm-based processor to rival Qualcomm's Snapdragon X series
Apple&#039;s Craig Federighi presenting customization options in iOS 18 at the Worldwide Developers Conference (WWDC) 2024.
iOS 19: new features, a new design, and everything you need to know
More about software services
A person in a wheelchair working at a computer.

Here’s a free way to find long lost relatives and friends
A white woman with long brown hair in a ponytail looks down at her computer in a distressed manner. She is holding her forehead with one hand and a credit card with the other

This people search finder covers all the bases, but it's not perfect
Security padlock and circuit board to protect data

Trust in digital services around the world sees a massive drop as security worries continue
See more latest
Most Popular
Security padlock and circuit board to protect data
Trust in digital services around the world sees a massive drop as security worries continue
Samuel and Romy standing very close together in A24&#039;s Babygirl movie
Everything new on Max in April 2025, including A24's Babygirl and The Last of Us season 2
An AMD Radeon RX 9070 XT made by Sapphire on a table with its retail packaging
AMD’s secret weapon against Nvidia seems to be stock – way more RX 9070 GPUs are rumored to be hitting shelves than RTX 5000 models
AMD Ryzen AI
New leak suggests AMD's working on an Arm-based processor to rival Qualcomm's Snapdragon X series
Representational image depecting cybersecurity protection
Cisco smart licensing system sees critical security flaws exploited
NYT Strands homescreen on a mobile phone screen, on a light blue background
NYT Strands hints and answers for Saturday, March 22 (game #384)
A collage of Mikey Madison&#039;s Anora, Sadie Sink&#039;s O&#039;Dessa, and Glinda and Elphaba in Wicked
7 new movies and TV shows to stream on Netflix, Prime Video, Max, and more this weekend (March 21)
Quordle on a smartphone held in a hand
Quordle hints and answers for Saturday, March 22 (game #1153)
NYT Connections homescreen on a phone, on a purple background
NYT Connections hints and answers for Saturday, March 22 (game #650)
Apple&#039;s Craig Federighi presenting customization options in iOS 18 at the Worldwide Developers Conference (WWDC) 2024.
iOS 19: new features, a new design, and everything you need to know