Google Project Zero noted a total of 18 zero-day bugs this year, so far.
Researchers at Google Project Zero noted that half of the zero-day bugs found in H1 2022 – that were exploited before a patch was publicly available – can be avoided if concerned software vendors made better testing of their patches.
Also, there have been four zero-day bugs spotted that were just the variants of previously released patches – produced by hackers. Some of the 18 zero-day bugs they noted today were from Google’s own Chrome and Pixel software too.
Zero-Day bugs are something that is spotted for the first time – in software applications – that even the concerned software vendors haven’t noted yet. Hackers often look for zero-days to exploit, as these may take a longer time to be patched.
While the vendors too rush for making patches available as soon as they can, they often fail to understand the root cause of the problem and release patches without testing them properly.
This was said by researchers at Google Project Zero, where they listed 18 ‘zero-day’ bugs from the first six months of this year – that was exploited before a patch was publicly available. They said that half of these bugs can be avoided if the concerned software vendors have created proper patches, or tested them thoroughly before releasing them to the public.
They noted bugs from Microsoft Windows, Apple iOS and WebKit, Google’s Chromium and Pixel, and Atlassian’s Confluence server. Also, there were four truly unique zero-day bugs that attackers exploited, which are mere tweaks of already released patches.
Here are all the zero-day bugs the Google Project Zero team noted this year; this year up to June 15.
| Product | 2022 ITW 0-day | Variant |
| Windows win32k | CVE-2022-21882 | CVE-2021-1732 (2021 itw) |
| iOS IOMobileFrameBuffer | CVE-2022-22587 | CVE-2021-30983 (2021 itw) |
| Windows | CVE-2022-30190 (“Follina”) | CVE-2021-40444 (2021 itw) |
| Chromium property access interceptors | CVE-2022-1096 | CVE-2016-5128 CVE-2021-30551 (2021 itw) CVE-2022-1232 (Addresses incomplete CVE-2022-1096 fix) |
| Chromium v8 | CVE-2022-1364 | CVE-2021-21195 |
| WebKit | CVE-2022-22620 (“Zombie”) | Bug was originally fixed in 2013, patch was regressed in 2016 |
| Google Pixel | CVE-2021-39793** While this CVE says 2021, the bug was patched and disclosed in 2022 | Linux same bug in a different subsystem |
| Atlassian Confluence | CVE-2022-26134 | CVE-2021-26084 |
| Windows | CVE-2022-26925 (“PetitPotam”) | CVE-2021-36942 (Patch regressed) |
Suggest an edit to this article
Go to Cybersecurity Knowledge Base
Got to the Latest Cybersecurity News
Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for our Weekly Cybersecurity Newsletter Today.
Remember, CyberSecurity Starts With You!
This post was last modified on 5 July 2022 11:20 AM
British high street chain WH Smith has recently revealed that it was hit by a…
As banks worldwide roll out Voice ID as a means of user authentication over the…
In the era of digital transformation, cybersecurity has become a major concern for businesses. When…
In today's digital age, cybersecurity threats have become a significant concern for businesses of all…
The RIG Exploit Kit is currently in the midst of its most productive phase, attempting…
One of the most transformational technologies of our time, artificial intelligence (AI), has quickly come…
Leave a Comment