Google has reported the discovery of 75 zero-day vulnerabilities exploited in the wild in 2024—a drop from 98 in 2023, though still up from 63 in 2022. Nearly half (44%) of these flaws targeted enterprise products, with 20 found in security and networking appliances.
While attacks on browsers and mobile devices declined significantly, exploit chains using multiple zero-days remained primarily focused on compromising mobile platforms. Windows was the most frequently targeted platform, accounting for 22 zero-days, followed by Android (7), Chrome (7), and Apple’s iOS and Safari (5 combined).
Enterprise tools, particularly those from companies like Ivanti, Palo Alto Networks, and Cisco, were high-value targets due to their privileged access to sensitive systems. In total, 33 zero-days were exploited in enterprise environments, affecting 18 unique vendors. Microsoft was the most frequently targeted vendor with 26 zero-days, followed by Google (11), Ivanti (7), and Apple (5). According to Google’s Threat Intelligence Group (GTIG), security and network appliances continue to serve as a gateway for attackers seeking deep access to enterprise networks.
State-sponsored cyber espionage was the leading driver behind many of these attacks, with China, Russia, and North Korea implicated in several operations. At least 34 zero-days were linked to six major threat actor clusters, including commercial surveillance vendors and financially motivated cybercriminals. Notably, Google uncovered a malicious JavaScript injection on Ukraine’s Diplomatic Academy website in late 2024, which exploited two WebKit vulnerabilities for an XSS attack aimed at stealing Microsoft login cookies. In a separate case, an exploit chain involving Firefox and Tor browsers was used to escape the browser sandbox and deliver the RomCom remote access trojan.