Google's 2022 Year in Review of in-the-wild 0-days is out! 4 key takeaways:
🤖 N-days function like 0-days on Android
⚡️ 0-clicks and new browser mitigations drive down browser 0-days
👯 Over 40% of itw 0-days are variants
💥 Bug collisions are high

#itw0days

https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html

🎯 New RCA up for CVE-2022-4135, a Chrome itw 0-day that was patched in November!! The bug was discovered by Clement and the RCA authored by Sergei. #itw0days

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-4135.html

👀 New RCA up for CVE-2022-41033, a type confusion in Windows COM+ Event System Service by @tiraniddo !
#itw0days

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2022/CVE-2022-41033.html

First in-the-wild 0-day of 2023 🔥

CVE-2023-21674: Windows ALPC elevation of privilege discovered by Avast

https://msrc.microsoft.com/update-guide/en-US/vulnerability/CVE-2023-21674

All 2023 itw 0-days will be tracked here: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit#gid=1746868651

#itw0days

Buckle up. 🔥 4 in-the-wild 0-days in today's Patch Tuesday:

* CVE-2022-41128 in JScript9 discovered by Clem of Google TAG
* CVE-2022-41091 MotW bypass
* CVE-2022-41073 in Print Spooler discovered by MSTIC
* CVE-2022-41125 in Windows CNG Key Isolation Service EoP discovered by MSTIC & MSRC

#itw0days #exploit #windows #microsoft #0day