Google Project Zero disclosed that in H1 2022, around half of zero-day exploitations were related to old flaws that were not fixed properly. These details are revealed in a presentation at the FIRST conference titled ‘0-day In-the-Wild Exploitation in 2022…so far’.


The researcher disclosed that 9 out of 18 zero-day flaws exploited in the wild in 2022 are variants of previously patched vulnerabilities.
  • Around four of the zero-days are variants of 2021 in-the-wild zero-day vulnerabilities. 
  • After 12 months of in-the-wild zero-day being patched, attackers returned with a variant of the original bug. 
  • One of the prime examples of the above-mentioned details is the recently spotted Follina Windows vulnerability, identified as CVE-2022-30190, which is a variant of the CVE-2021-40444 MSHTML zero-day.

Moreover, research claims that half of the zero-days spotted in the first six months of 2022 could have been stopped with proper patching.

Old bugs and variants

The presentation has provided a table that includes the list of the zero-day and their related variants.


To properly fix zero-day vulnerabilities, researchers suggest security teams invest more time and effort in root cause analysis, patch analysis, variant analysis, and exploit technique analysis. Further, always make sure to update OS and used applications with recent security patches.
Cyware Publisher