Decline in Zero-Day Vulnerabilities Targeting Browsers and Mobile Devices, According to Google
Cybercriminals are experiencing diminishing success in targeting end-user technology through zero-day attacks, according to the latest findings from Google’s security team. Although personal technologies—including smartphones and web browsers—remain a primary target, the emphasis is noticeably shifting towards enterprise technologies.
Zero-day vulnerabilities are defined as those flaws that are exploited before vendors can address them, sometimes even before they are identified by the vendors themselves. The Google Threat Intelligence Group has reported in their annual analysis that espionage groups are the predominant users of these vulnerabilities when compromising systems.
Notably, government-backed organizations and clients of commercial surveillance vendors—often a euphemism for spyware—accounted for over half of all attacks that the researchers could attribute. The role of spyware in zero-day exploits has substantially increased compared to previous years.
Among nation-state actors, the Chinese government exploited five documented zero-day vulnerabilities, and North Korea reached the same number for the first time. Furthermore, clients of spyware vendors used eight distinct zero-day exploits during the year.
However, attackers focused on espionage are not the sole users of zero-day vulnerabilities. Crime syndicates are also leveraging these exploits to access sensitive data. Alarmingly, some of these criminal groups maintain close ties to the Russian government.
Although the total number of identified zero-day exploits fell from 98 last year to 75 this year, the overall trend shows a gradual uptick. The counts have fluctuated over time: 63 were reported in 2022 and 95 in the preceding year, while 2019 and 2020 each recorded only 31 incidents.
The research indicates that security vendors have made significant strides in protecting certain products. According to Google, there has been a marked reduction in the effectiveness of attacks aimed at browsers and mobile operating systems. Traditionally, these platforms have been exploited to target consumer users.
The enhanced security protocols may explain a notable trend: the proportion of zero-day exploits directed at end-user technologies has decreased to 56%, lower than those aimed at enterprise technologies. This statistic marks a consistent decline from 90.32% in 2019 to progressively lower figures reported through 2023.
Specifically, the exploitation of web browsers and mobile devices saw a significant downturn this year compared to the last. There was a 33% reduction in zero-day exploits targeting browsers, primarily affecting Chrome due to its extensive user base, while attacks on mobile devices were reduced by half.
Despite this declining trend, it is crucial to recognize that end-user technologies will likely remain attractive targets for attackers. Google cautions that “phones and browsers will almost certainly continue to be popular targets, although enterprise software and appliances are likely to experience a continued increase in zero-day exploitation.”
When spyware attackers do focus on mobile devices, they often deploy a combination of vulnerabilities to circumvent existing security measures implemented by mobile vendors.
Google emphasizes the difficulty of distinguishing between attacks on enterprise and end-user technology, given that many enterprises use personal technologies as well. Nevertheless, a 9% increase in zero-day attacks exclusively leveraging enterprise technology has been observed, particularly among security and network products, which accounted for 60% of all enterprise-related zero-day incidents.
For individuals and organizations, it is essential to maintain strong cybersecurity practices. Continuous application of basic cyber hygiene—such as regularly updating systems—can mitigate risks. While timely system updates may not prevent zero-day exploits, prompt patches can help thwart attacks if vendors respond quickly to identified vulnerabilities. Additionally, some technologies employ heuristic methods to block unfamiliar software that appears suspicious. It is equally important to exercise caution by refraining from opening unverified links and files, thereby preventing potential zero-day exploits from compromising devices.