Google’s latest report shows a drop in zero-day vulnerabilities exploited in 2024, though serious risks persist, especially for mobile devices.
On Tuesday, Google’s Threat Intelligence Group released its annual analysis of zero-day exploitation trends. A “zero-day” refers to a vulnerability actively exploited before developers issue a public patch. While some cybersecurity firms use broader definitions, Google sticks to this strict view.
In 2024, the tech giant identified 75 zero-day vulnerabilities, down from 98 the previous year but still higher than the 63 cases recorded in 2022. Despite the slight improvement, the report highlights that threat actors continue to evolve their tactics.
A major shift appeared in the type of targets. Of the 75 zero-days, 33 affected enterprise technologies, including networking gear and security tools. The remaining vulnerabilities struck end-user products like browsers, operating systems, and mobile devices.
For consumer technology, the report revealed a rise in Windows exploits but a steep decline in attacks against Safari and iOS. Chrome once again topped the list as the most targeted browser, a trend Google attributes to its overwhelming market dominance.
Mobile devices faced increasing threats, with roughly 90% of exploit chains focusing on smartphones. In the Android ecosystem, many attacks targeted vulnerabilities in third-party components rather than Google’s own code.
Enterprise technologies also became a prime target. Products from Ivanti, Palo Alto Networks, and Cisco drew special attention from cybercriminals. Google explained that security tools like endpoint detection and response (EDR) often struggle to monitor networking appliances. Plus, attackers typically don’t need to chain multiple exploits to compromise these systems. A single vulnerability can lead to remote code execution or privilege escalation, giving hackers a powerful entry point.
When it came to identifying who was behind the attacks, Google found clear links to threat groups in 34 out of the 75 exploits. Nearly 45% were attributed to state-sponsored hackers conducting espionage or financial crimes. Around 25% were tied to commercial surveillance vendors, while about 30% were linked to non-state financially motivated groups.
Google’s full report, available as a PDF, dives deeper into the evolving landscape of zero-day vulnerabilities and the growing challenges for defenders in 2025.
