ZERO-DAY VULNERABILITY (Syllabus: GS Paper 3– Cyber Security)

Context: Google Chrome has been hit with another zero-day vulnerability, which has set the alarm bells ringing among users and cyber experts.

Zero-day Vulnerability

• About: It refers to a system or software vulnerability that is unknown to the vendor and lacks any available patch or mitigation.
• Zero-Day Attack: This term denotes an attack occurring immediately after the vulnerability's discovery, leaving no time for mitigation.
• Zero-Day Exploit: It describes the method hackers employ to exploit the vulnerability, often via malware, to execute an attack.
• Nature of Attacks: Threat actors develop and release malware promptly to target ZDVs, initiating zero-day attacks before security professionals and developers can respond with patches.
• zero-day vulnerabilities pose a higher risk to users for the following reasons:

o Cybercriminals race to exploit these vulnerabilities to cash in on their schemes

o Vulnerable systems are exposed until a patch is issued by the vendor.

• Example: In April 2020, a zero-day vulnerability was discovered in Zoom that made it possible for attackers to gain remote access to users’ computers under certain conditions.