News and updates from the Project Zero team at Google

Discussion in 'other security issues & news' started by Minimalist, Apr 2, 2020.

  1. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    TFW you-get-really-excited-you-patch-diffed-a-0day-used-in-the-wild-but-then-find-out-it-is-the-wrong-vuln
    https://googleprojectzero.blogspot.com/2020/04/tfw-you-get-really-excited-you-patch.html
     
  2. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    You Won't Believe what this One Line Change Did to the Chrome Sandbox
    https://googleprojectzero.blogspot.com/2020/04/you-wont-believe-what-this-one-line.html
     
  3. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    Fuzzing ImageIO
    https://googleprojectzero.blogspot.com/2020/04/fuzzing-imageio.html
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
  5. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    FF Sandbox Escape (CVE-2020-12388)
    https://googleprojectzero.blogspot.com/2020/06/ff-sandbox-escape-cve-2020-12388.html
     
  6. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    How to unc0ver a 0-day in 4 hours or less
    https://googleprojectzero.blogspot.com/2020/07/how-to-unc0ver-0-day-in-4-hours-or-less.html
     
  7. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    MMS Exploit Part 3: Constructing the Memory Corruption Primitives
    https://googleprojectzero.blogspot.com/2020/07/mms-exploit-part-3-constructing-primitives.html
     
  8. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    Detection Deficit: A Year in Review of 0-days Used In-The-Wild in 2019
    https://googleprojectzero.blogspot.com/2020/07/detection-deficit-year-in-review-of-0.html
     
  9. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    Root Cause Analyses for 0-day In-the-Wild Exploits
    https://googleprojectzero.blogspot.com/2020/07/root-cause-analyses-for-0-day-in-wild.html
     
  10. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    One Byte to rule them all
    https://googleprojectzero.blogspot.com/2020/07/one-byte-to-rule-them-all.html
     
  11. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    The core of Apple is PPL: Breaking the XNU kernel's kernel
    https://googleprojectzero.blogspot.com/2020/07/the-core-of-apple-is-ppl-breaking-xnu.html
     
  12. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
  13. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    MMS Exploit Part 4: MMS Primer, Completing the ASLR Oracle
    https://googleprojectzero.blogspot.com/2020/08/mms-exploit-part-4-completing-aslr-oracle.html
     
  14. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
  15. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    Exploiting Android Messengers with WebRTC: Part 3
    https://googleprojectzero.blogspot.com/2020/08/exploiting-android-messengers-part-3.html
     
  16. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
  17. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    JITSploitation I: A JIT Bug
    https://googleprojectzero.blogspot.com/2020/09/jitsploitation-one.html

    JITSploitation II: Getting Read/Write
    https://googleprojectzero.blogspot.com/2020/09/jitsploitation-two.html

    JITSploitation III: Subverting Control Flow
    https://googleprojectzero.blogspot.com/2020/09/jitsploitation-three.html
     
  18. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    Attacking the Qualcomm Adreno GPU
    https://googleprojectzero.blogspot.com/2020/09/attacking-qualcomm-adreno-gpu.html
     
  19. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    Announcing the Fuzzilli Research Grant Program
    https://googleprojectzero.blogspot.com/2020/10/announcing-fuzzilli-research-grant.html
     
  20. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    13,712
    Location:
    Slovenia
    Enter the Vault: Authentication Issues in HashiCorp Vault
    https://googleprojectzero.blogspot.com/2020/10/enter-the-vault-auth-issues-hashicorp-vault.html
     
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.