Full Report
Today, Google released its report “We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023.”
Analysis Summary
This summary is based solely on the provided text describing the Google TAG and Mandiant report, "We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023." The article provides high-level findings but **does not list individual CVEs, CVSS scores, specific technical details, or direct links to patches for specific vulnerabilities.**
---
# Vulnerability: Zero-Day Exploitation Trend Analysis (2023 Review)
## CVE Details
- CVE ID: **Not specified in the text provided.** The report tracked 97 unique zero-day vulnerabilities exploited in the wild in 2023.
- CVSS Score: **Not specified in the text provided.**
- CWE: **Not specified in the text provided.**
## Affected Systems
- Products: End-user platforms (mobile devices, operating systems, browsers, applications) and enterprise-focused technologies (security software and appliances). Specific product names are generalized.
- Versions: **Not specified in the text provided.**
- Configurations: Exploits are shown to target both end-user and enterprise products, with a notable shift toward third-party components and libraries.
## Vulnerability Description
The report analyzes 97 zero-day vulnerabilities exploited in the wild in 2023 (a 50% increase from 2022). Attackers are shifting focus to **third-party components and libraries** as these offer scalable impact across multiple products. Enterprise targeting is also noted as increasing and becoming more varied. Certain older vulnerability classes (common in past years) are now virtually non-existent due to vendor investment in mitigation technologies (e.g., Google's MiraclePtr for Use-After-Free in Chrome).
## Exploitation
- Status: **Exploited in the wild** (97 tracked for 2023).
- Complexity: **Varies**, but the report implies exploitation remains a major threat, particularly against enterprise tech.
- Attack Vector: **Varies**, covering both end-user and enterprise environments.
## Impact
Impact levels (Confidentiality, Integrity, Availability) are **not detailed** for individual flaws but are implied to be high given their status as actively exploited zero-days.
## Remediation
### Patches
- Specific patches for the 97 tracked CVEs are **not listed in the provided text.** The article stresses the general industry need for swift patching and transparency.
### Workarounds
- **For high-risk users (General Recommendations):**
  - iPhone users: Enable **Lockdown mode**.
  - Pixel 8 users: Enable **Memory Tagging Extensions (MTE)**.
  - Chrome high-risk users: Enable **"Always Use Secure Connections"** and **disable the V8 Optimizer**.
## Detection
- Specific IOCs are **not provided**.
- **Detection methods:** The text points to vendor investments (such as MiraclePtr and Lockdown mode) that serve as implicit detection/prevention mechanisms. The report advocates broader industry transparency to aid detection.
## References
- Vendor Advisories: Google TAG & Mandiant "We’re All in this Together: A Year in Review of Zero-Days Exploited In-the-Wild in 2023."
- Relevant links - defanged:
  - Full Report: `https://storage.googleapis.com/gweb-uniblog-publish-prod/documents/Year_in_Review_of_ZeroDays.pdf`
  - Previous Patching Recommendations: `https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html`
  - MTE Information: `https://googleprojectzero.blogspot.com/2023/11/first-handset-with-mte-on-market.html`
  - APP Program: `https://landing.google.com/advancedprotection/`