
553 matches found

FreeBSD
added 2022/04/04 12:0 a.m. | 51 views

chromium -- Type confusion in V8

Chrome Releases reports: This release includes one security fix: 1311641 High CVE-2022-1232: Type Confusion in V8. Reported by Sergei Glazunov of Google Project Zero on 2022-03-30...

CVSS 8.8 | AI score 0.7 | EPSS 0.16488
Exploits: 2 | References: 1

The Hacker News
added 2022/03/16 1:52 p.m. | 48 views

New Infinite Loop Bug in OpenSSL Could Let Attackers Crash Remote Servers

The maintainers of OpenSSL have shipped patches to resolve a high-severity security flaw in its software library that could lead to a denial-of-service (DoS) condition when parsing certificates. Tracked as CVE-2022-0778 (CVSS score: 7.5), the issue stems from parsing a malformed certificate with...

CVSS 7.5 | AI score 0.2 | EPSS 0.70561
Exploits: 2

Google Chrome Security Advisories
added 2022/03/15 12:0 a.m. | 245 views

Stable Channel Update for Desktop

The Stable channel has been updated to 99.0.4844.74 for Windows, Mac and Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the log. Interested in switching release channels? Find out how here. If you find a new issue, please let us know by...

CVSS 9.6 | AI score 9.9 | EPSS 0.01068
Exploits: 10 | Affected Software: 1

Malwarebytes
added 2022/03/07 8:6 p.m. | 59 views

The struggle to reduce bug-fixing time is real

There are many reasons why we want a bug fixed as soon as we can, but there are also plenty of reasons why doing it “right now” is not an option. This phenomenon starts at the side of the developers. The average time to fix a bug seems to vary depending on the platform the bug was found in. What ...

AI score 9.3 | EPSS 0.11638
Exploits: 0

Github Security Blog
added 2022/03/03 8:28 p.m. | 48 views

Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption

Impact: CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information...

CVSS 9.8 | AI score 2.9 | EPSS 0.0145
Exploits: 0 | References: 6 | Affected Software: 1

OSV
added 2022/03/03 8:28 p.m. | 49 views

GHSA-FMX4-26R3-WXPF Integer overflow in cmark-gfm table parsing extension leads to heap memory corruption

Impact: CommonMarker uses cmark-gfm for rendering Github Flavored Markdown. An integer overflow in cmark-gfm's table row parsing may lead to heap memory corruption when parsing tables whose marker rows contain more than UINT16_MAX columns. The impact of this heap corruption ranges from Information...

CVSS 8.8 | AI score 9.2 | EPSS 0.0145
Exploits: 0 | References: 6

Rapid7 Blog
added 2022/02/16 8:0 p.m. | 17 views

[Security Nation] Amit Serper on Finding Leaks in Autodiscover

In this episode of Security Nation, Jen and Tod chat with Amit Serper, Director of Security Research at Akamai, on his work uncovering a flaw in the Autodiscover...

AI score 0.8
Exploits: 0

Schneier on Security
added 2022/02/16 1:0 p.m. | 14 views

Vendors are Fixing Security Flaws Faster

Google's Project Zero is reporting that software vendors are patching their code faster. tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the...

AI score 0.7
Exploits: 0

Rapid7 Blog
added 2022/02/14 3:30 p.m. | 840 views

Dropping Files on a Domain Controller Using CVE-2021-43893

On December 14, 2021, during the Log4Shell chaos, Microsoft published CVE-2021-43893, a remote privilege escalation vulnerability affecting the Windows Encrypted File System (EFS). The vulnerability was credited to James Forshaw of Google Project Zero, but perhaps owing to the Log4Shell atmosphere,...

CVSS 9.3 | EPSS 0.99999
Exploits: 347

GoogleProjectZero
added 2022/02/10 12:0 a.m. | 28 views

A walk through Project Zero metrics

Posted by Ryan Schoen, Project Zero tl;dr In 2021, vendors took an average of 52 days to fix security vulnerabilities reported from Project Zero. This is a significant acceleration from an average of about 80 days 3 years ago. In addition to the average now being well below the 90-day deadline, w...

AI score 6.6
Exploits: 0

Circl
added 2022/01/18 8:25 p.m. | 2 views

CVE-2021-4083

| creationtimestamp | type | source |
|---|---|---|
| 2022-01-18 20:25:03+00:00 | seen | https://t.me/cibsecurity/35728 |
| 2022-08-10 23:00:00+00:00 | seen | https://googleprojectzero.blogspot.com/2022/08/the-quantum-state-of-linux-kernel.html |

...

CVSS 7 | AI score 6.3 | EPSS 0.00313
Exploits: 0 | References: 2

Schneier on Security
added 2021/12/20 3:17 p.m. | 22 views

More on NSO Group and Cytrox: Two Cyberweapons Arms Manufacturers

Citizen Lab published another report on the spyware used against two Egyptian nationals. One was hacked by NSO Group's Pegasus spyware. The other was hacked both by Pegasus and by the spyware from another cyberweapons arms manufacturer: Cytrox. We haven't heard a lot about Cytrox and its Predator...

AI score 1.3
Exploits: 0

Wired Threat Level
added 2021/12/15 6:0 p.m. | 11 views

Google Warns That NSO Hacking Is On Par With Elite Spy Groups

ForcedEntry is “one of the most technically sophisticated exploits” Project Zero security researchers have ever seen...

AI score 1.7
Exploits: 0

GoogleProjectZero
added 2021/12/15 12:0 a.m. | 208 views

A deep dive into an NSO zero-click iMessage exploit: Remote Code Execution

Posted by Ian Beer & Samuel Groß of Google Project Zero. We want to thank Citizen Lab for sharing a sample of the FORCEDENTRY exploit with us, and Apple’s Security Engineering and Architecture (SEAR) group for collaborating with us on the technical analysis. The editorial opinions reflected below ar...

CVSS 7.8 | AI score 6.9 | EPSS 0.75994
Exploits: 2

hivepro
added 2021/11/30 10:11 a.m. | 39 views

Have you updated your Zoom meeting?

THREAT LEVEL: Amber. For a detailed advisory, download the pdf file here. Two Critical vulnerabilities have been found in Zoom products. These vulnerabilities were discovered by Natalie Silvanovich, a researcher from Google Project Zero. The first vulnerability, CVE-2021-34423 is a high severity...

CVSS 7.5 | AI score 2 | EPSS 0.03207
Exploits: 2

GoogleProjectZero
added 2021/10/19 12:0 a.m. | 130 views

How a simple Linux kernel memory corruption bug can lead to complete system compromise

An analysis of current and potential kernel security mitigations Posted by Jann Horn, Project Zero Introduction This blog post describes a straightforward Linux kernel locking bug and how I exploited it against Debian Buster's 4.19.0-13-amd64 kernel. Based on that, it explores options for securit...

CVSS 7.5 | AI score 7.8 | EPSS 0.03399
Exploits: 1

ThreatPost
added 2021/08/19 4:58 p.m. | 68 views

Windows EoP Bug Detailed by Google Project Zero

It looked like Google Project Zero blew its own 90-day disclosure window when, on Wednesday, it disclosed an elevation of privilege (EoP) flaw in Windows that it reported to Microsoft just over a month ago on July 8. But no: It turns out that Microsoft flip-flopped on whether or not it was planning...

AI score 7.3
Exploits: 0 | References: 8

Packet Storm
added 2021/08/19 12:0 a.m. | 276 views

WebKit WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy Heap Use-After-Free

WebKit: heap-use-after-free in WebCore::FrameLoader::PolicyChecker::checkNavigationPolicy VULNERABILITY DETAILS PolicyChecker.cpp: define ISALLOWED mframe.page ? mframe.page-sessionID.isAlwaysOnLoggingAllowed : false define PAGEID mframe.loader.pageID.valueOrPageIdentifier.toUInt64 define FRAMEID...

AI score 8.8 | EPSS 0.02095
Exploits: 2

GoogleProjectZero
added 2021/06/29 12:0 a.m. | 123 views

An EPYC escape: Case-study of a KVM breakout

Posted by Felix Wilhelm, Project Zero. Introduction: KVM (for Kernel-based Virtual Machine) is the de-facto standard hypervisor for Linux-based cloud environments. Outside of Azure, almost all large-scale cloud and hosting providers are running on top of KVM, turning it into one of the fundamental...

CVSS 7.4 | AI score 7.3 | EPSS 0.00413
Exploits: 1

GithubExploit
added 2021/06/25 10:19 p.m. | 650 views

Exploit for Type Confusion in Linux Linux_Kernel

Proof of Concept for CVE-2021-33624 compile with gcc -pthre...

CVSS 4.7 | AI score 6.9 | EPSS 0.00922
Exploits: 3