Author Archives: Google

Posted by Kent Walker, President, Global Affairs & Chief Legal Officer, Google & Alphabet and Royal Hansen, Vice President of Engineering for Privacy, Safety, and Security Should companies be responsible for cyberattacks? The U.S. government thinks so … Continue reading The US Government says companies should take more responsibility for cyberattacks. We agree.→

Posted by Oliver Chang, OSS-Fuzz team Since launching in 2016, Google’s free OSS-Fuzz code testing service has helped get over 8800 vulnerabilities and 28,000 bugs fixed across 850 projects. Today, we’re happy to announce an expansion of our OSS-Fuzz R… Continue reading Taking the next step: OSS-Fuzz in 2023→

Posted by Rex Pan, software engineer, Google Open Source Security TeamToday, we’re launching the OSV-Scanner, a free tool that gives open source developers easy access to vulnerability information relevant to their project. Last year, we undertook an e… Continue reading Announcing OSV-Scanner: Vulnerability Scanner for Open Source→

Posted by Brandon Lum, Mihai Maruseac, Isaac Hepworth, Google Open Source Security Team Supply chain security is at the fore of the industry’s collective consciousness. We’ve recently seen a significant rise in software supply chain attacks, a Log4j vu… Continue reading Announcing GUAC, a great pairing with SLSA (and SBOM)!→

Posted by Jonathan Metzman, Dongge Liu and Oliver Chang, Google Open Source Security Team Recently, OSS-Fuzz—our community fuzzing service that regularly checks 700 critical open source projects for bugs—detected a serious vulnerability (CVE-2022-3008)… Continue reading Fuzzing beyond memory corruption: Finding broader classes of vulnerabilities automatically→

Posted by Anton Bikineev, Michael Lippautz and Hannes Payer, Chrome security teamMemory safety in Chrome is an ever-ongoing effort to protect our users. We are constantly experimenting with different technologies to stay ahead of malicious actors. In t… Continue reading Retrofitting Temporal Memory Safety on C++→

Posted by Eugene Liderman and Sara N-Marandi, Android Security and Privacy TeamEvery year at I/O we share the latest on privacy and security features on Android. But we know some users like to go a level deeper in understanding how we’re making the lat… Continue reading I/O 2022: Android 13 security and privacy (and more!)→

Posted by Steve Kafka and Khawaja Shams, Android Security and Privacy Team Providing a safe experience to billions of users continues to be one of the highest priorities for Google Play. Last year we introduced multiple privacy focused features, enhanc… Continue reading How we fought bad apps and developers in 2021→

Posted by Adrian Taylor, Chrome Security TeamIf you are a regular reader of our Chrome release blog, you may have noticed that phrases like ‘exploit for CVE-1234-567 exists in the wild’ have been appearing more often recently. In this post we’ll explor… Continue reading What’s up with in-the-wild exploits? Plus, what we’re doing about it.→