Protecting Android users from 0-Day attacks

To protect our users, Google’s Threat Analysis Group (TAG) routinely hunts for 0-day vulnerabilities exploited in-the-wild. In 2021, we reported nine 0-days affecting Chrome, Android, Apple and Microsoft, leading to patches to protect users from these attacks. This blog is Read More …

Android app with 100,000 downloads contained password-stealing malware, say security researchers

Google has removed an app with over 100,000 downloads from its Play Store after security researchers warned that the app was able to harvest the Facebook credentials of smartphone users. Researchers at French mobile security firm Pradeo said the app Read More …

Container Escape to Shadow Admin: GKE Autopilot Vulnerabilities

In February 2021, Google announced Autopilot, a new mode of operation in Google Kubernetes Engine (GKE). With Autopilot, Google provides a “hands-off” Kubernetes experience, managing cluster infrastructure for the customer. The platform automatically provisions and removes nodes based on resource Read More …

Google says nearly $9 million given out in 2021 vulnerability rewards

Google announced this week that its Vulnerability Reward Programs doled out $8,700,000 for vulnerability rewards in 2021. Researchers donated $300,000 of their rewards to a charity of their choice, according to a blog from Sarah Jacobus of Google’s Vulnerability Rewards Read More …

Two Birds With One Stone: An Introduction To V8 And JIT Exploitation

In this special blog series, ZDI Vulnerability Researcher Hossein Lotfi looks at the exploitation of V8 – Google’s open-source high-performance JavaScript and WebAssembly engine – through the lens of a bug used during Pwn2Own Vancouver 2021. The contest submission from Read More …