Google found the hacking group exploiting 11 zero-day
vulnerabilities in just nine months, a high number of exploits
over a short period. Software that was attacked included the
Safari browser on iPhones but also many Google products, including
the Chrome browser on Android phones and Windows computers. […]
Instead of focusing on who was behind and targeted by a specific
operation, Google decided to take broader action for everyone.
The justification was that even if a Western government was the
one exploiting those vulnerabilities today, it will eventually
be used by others, and so the right choice is always to fix the
I don’t think this was an easy decision, but I think it was the right call. Project Zero’s purpose is to find vulnerabilities and report them to get them fixed, period.