2023 was a bumper year for zero-day exploits—50% more zero-day vulnerabilities were exploited last year compared to 2022—and the majority of them affected operating systems and products used by run-of-the-mill end users, such as Windows, Chrome and iOS. Though before the doom and gloom sinks in, Google does have some positive things to say about software security in 2023 in its yearly threat report.
Google’s Threat Analysis Group (TAG) and Mandiant keep track of all the zero-day security vulnerabilities they discover out in the wild. Any hole in a security system that some nasty person wearing a long trench coat can take advantage of goes into their joint yearly report (pdf), categorized by whether it impacted end-user or enterprise software.
The first takeaway from the report is that there was a sharp increase in both end-user and enterprise zero-day vulnerabilities in 2023 compared to 2022. It notes 61 exploits impacting end-user software, such as operating systems, and 36…