It’s anti-bullying week. ⁦

Did you know there is a legal fund that helps protect fellow bug hunters from legal threats? If you instruct us to donate your reward to the Security Research Legal Defense Fund, Google will quadruple it!

I'm excited to announce that I'll be speaking ShmooCon in January! Looking forward to discussing my work hacking on Android drivers. shmoocon.org/speakers/#:~:t…

If you ever want to feel better about your crappy interview performance, just remember: In the not too recent past I forgot how to define a Python function in a programming interview.

Thanks for coming y'all!! Hope you enjoyed :)

We're naming names 🔥 because the harm is not hypothetical. Today we share "Buying Spying", our new report diving into the commercial surveillance/spyware industry. We dive into the players, the campaigns, the spyware, & the harm it perpetuates. blog.google/threat-analysi…

Here's my talk from Shmoocon 2024, Driving Forward in Android Drivers. The play button might not work correctly, but if you click the text right below the video it should sort itself out. archive.org/details/shmooc…

Physics vs. Magic xkcd.com/2904

In this post I'll use CVE-2023-6241, a vulnerability in the Arm Mali GPU that I reported last November to gain arbitrary kernel code execution from an untrusted app on a Pixel 8 with MTE enabled. github.blog/2024-03-18-gai…

Join j00ru//vx as he shares his research/adventure through the Windows Registry: googleprojectzero.blogspot.com/2024/04/the-wi… 50 CVEs is just the beginning. Future posts will explore the attack surface, history, practical exploitation using hive memory corruption, cell indexes and other good times🎉

if you pass NULL to `munmap` it should just behave like `mmap` and be up to the kernel what mapping address gets unmapped,

Captchas be getting really wild nowadays

The Google Android Red Team's first blog post is now live! Congratulations to the whole team for the big effort to make this happen 😀 androidoffsec.withgoogle.com/posts/attackin…

Google CTF 2024 is coming up fast! June 21st - June 23rd. Hope y'all are ready ;) capturetheflag.withgoogle.com

My new Project Zero blog post, Driving Forward in Android Drivers is live! 🥳 googleprojectzero.blogspot.com/2024/06/drivin…

New Project Zero blog post by Sergei Glazunov and Mark Brand: Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models googleprojectzero.blogspot.com/2024/06/projec…

Google CTF is on!! Good luck challengers! capturetheflag.withgoogle.com

Does anyone else have that thing where you go to high five someone but they're going for the fist bump, so you switch, but then they switch and you end up awkwardly punching their hand?

The Project Zero bugtracker has moved! Going to the old bugtracker will redirect to the new one :) project-zero.issues.chromium.org/issues?q=type:…