In the first half of 2020 were recorded 11 zero-day vulnerabilities. According to preliminary estimates of the Google Project Zero team, there will be 20 0Day vulnerabilities in 2020 as there were in 2019.
Details of the zero-day vulnerabilities were obtained fr om a spreadsheet managed by Google security researchers. Below are the current 0Day vulnerabilities discovered this year.
1. Mozilla Firefox (CVE-2019-17026)
Incorrect alias information in the IonMonkey JIT compiler for setting array elements could lead to type confusion. The issue has been fixed in Firefox 72.0.1.
2. Internet Explorer (CVE-2020-0674)
Both of the vulnerabilities in Firefox and Internet Explorer were used by the cybercriminal group DarkHotel to spy on targets located in China and Japan. Victims of this campaign were redirected to a website wh ere they'd be served either the Firefox or IE zero-day, and then they were infected with the Gh0st remote access trojan.
3. Chrome (CVE-2020-6418)
The problem was detected exploited in the wild by the Google Threat Analysis Group, but details of the attacks and exploitation were never released. The vulnerability was fixed in Chrome version 80.0.3987.122.
4 and 5. Trend Micro OfficeScan (CVE-2020-8467 and CVE-2020-8468)
The vulnerabilities were discovered by Trend Micro experts. Zero-day vulnerabilities have been allegedly discovered during investigations of another issue (CVE-2019-18187) in the same product that was used to hack Mitsubishi Electric.
6 and 7. Mozilla Firefox (CVE-2020-6819 and CVE-2020-6820)
The details of the attacks that exploited these vulnerabilities in Firefox have not yet been released. The issue has been fixed in Firefox 74.0.1.
All three issues were discovered by Google TAG and reported to Microsoft. Details of the attacks have not yet been released.
11. Sophos XG Firewall (CVE 2020-12271)
A group of hackers has discovered earlier this year the 0Day vulnerability in XG, a firewall developed by UK-based information security firm Sophos. A SQL injection vulnerability in the firewall control panel allowed attackers to install the Ragnarok backdoor on infected systems. Threat actors tried to install Ragnarok ransomware on infected devices after the vulnerability became known, but experts blocked most of their attempts.