Google Chrome gets a patch for actively exploited zero-day vulnerability

Spyware vendors are responsible for most exploits

In a March report, researchers from Google’s Threat Analysis Group (TAG) and Mandiant, a Google subsidiary, counted 97 zero-day exploits being used in attacks during 2023.

Commercial surveillance vendors that sell spyware to government customers were responsible for over 60% of the 37 exploits impacting browsers and mobile devices, as well as for 13 of the 37 zero-day vulnerabilities that specifically impacted Google products: Chrome and Android.

It’s worth noting that none of the eight zero-day vulnerabilities that impacted Google Chrome in 2023 were caused by use-after-free memory safety bugs. That’s mainly thanks to a new exploit mitigation technology called MiraclePtr that Google built into the browser in 2023. By comparison, half of the exploitable vulnerabilities in Chrome found in 2022 were use-after-free ones.
