Making Linux Kernel Exploit Cooking Harder

Posted by Eduardo Vela, Exploit CriticCover of the medieval cookbook. Title in large letters kernel Exploits. Adorned. Featuring a small penguin. 15th century. Color. High quality picture. Private collection. Detailed.The Linux kernel is a key component for the security of the Internet. Google uses Linux in almost everything, from the computers our...

5d

How Hash-Based Safe Browsing Works in Google Chrome

By Rohit Bhatia, Mollie Bates, Google Chrome Security There are various threats a user faces when browsing the web. Users may be tricked into sharing sensitive information like their passwords with a misleading or fake website, also called phishing. They may also be led into installing malicious software on their machines, called malware, which can...

1w

DNS-over-HTTP/3 in Android

Posted by Matthew Mauer and Mike Yu, Android team To help keep Android users’ DNS queries private, Android supports encrypted DNS. In addition to existing support for DNS-over-TLS, Android now supports DNS-over-HTTP/3 which has a number of improvements over DNS-over-TLS. Most network connections begin with a DNS lookup. While transport security...

4w

TAG Bulletin: Q2 2022

Posted by Shane Huntley, Director, Threat Analysis GroupThis bulletin includes coordinated influence operation campaigns terminated on our platforms in Q2 2022. It was last updated on June 30, 2022.MayWe terminated 20 YouTube channels as part of our investigation into coordinated influence operations linked to Russia. The campaign was linked to a Russian...

Jul 2022

Game on! The 2022 Google CTF is here.

Posted by Jan Keller, Technical Entertainment Manager, Bug Hunters Are you ready to put your hacking skills to the test? It’s Google CTF time!The competition kicks off on July 1 2022 6:00 PM UTC and runs through July 3 2022 6:00 PM UTC. Registration is now open at http://goo.gle/ctf.In true old Google CTF fashion, the top 8 teams will qualify for our...

Jun 2022

SBOM in Action: finding vulnerabilities with a Software Bill of Materials

Posted by Brandon Lum and Oliver Chang, Google Open Source Security TeamThe past year has seen an industry-wide effort to embrace Software Bills of Materials (SBOMs)—a list of all the components, libraries, and modules that are required to build a piece of software. In the wake of the 2021 Executive Order on Cybersecurity, these ingredient labels for...

Jun 2022

Announcing the winners of the 2021 GCP VRP Prize

Posted by Harshvardhan Sharma, Information Security Engineer, Google 2021 was another record-breaking year for our Vulnerability Rewards Program (VRP). We paid a total of $8.7 million in rewards, our highest amount yet. 2021 saw some amazing work from the security research community. It is worth noting that a significant portion of the reports we received...

Jun 2022

Retrofitting Temporal Memory Safety on C++

Posted by Anton Bikineev, Michael Lippautz and Hannes Payer, Chrome security teamMemory safety in Chrome is an ever-ongoing effort to protect our users. We are constantly experimenting with different technologies to stay ahead of malicious actors. In this spirit, this post is about our journey of using heap scanning technologies to improve memory safety...

May 2022

Privileged pod escalations in Kubernetes and GKE

Posted by GKE and Anthos Platform Security Teams At the KubeCon EU 2022 conference in Valencia, security researchers from Palo Alto Networks presented research findings on “trampoline pods”—pods with an elevated set of privileges required to do their job, but that could conceivably be used as a jumping off point to gain escalated privileges.The research...

May 2022

I/O 2022: Android 13 security and privacy (and more!)

Posted by Eugene Liderman and Sara N-Marandi, Android Security and Privacy TeamEvery year at I/O we share the latest on privacy and security features on Android. But we know some users like to go a level deeper in understanding how we’re making the latest release safer, and more private, while continuing to offer a seamless experience. So let’s dig...

May 2022